CVE-2025-31080

The CVE-2025-31080 entry concerns HTML Forms for WordPress (HTML Forms plugin), with a Stored Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. Affected versions are HTML Forms: from n/a through 1.5.1. The CVSS 3.1 base metrics indicate a HIGH ...

CVE-2025-31080 WordPress HTML Forms plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS.This issue affects HTML Forms: from n/a through = 1.5.1...

WordPress plugin HTML Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-56060

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through = 1.4.1...

CVE-2024-56060

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through = 1.4.1...

CVE-2024-56060

CVE-2024-56060 is a Reflected XSS in the WordPress plugin HTML Forms (WordPress plugin: HTML Forms – Simple WordPress Forms) with affected versions listed as

CVE-2024-56060 WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through = 1.4.1...

CVE-2024-56060 WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Reflected XSS.This issue affects HTML Forms: from n/a through = 1.4.1...

WordPress plugin HTML Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin HTML Forms versions = 1.4.1...

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub has released security updates for Enterprise Server GHES to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0 "An attacker could bypass SAML...

WordPress HTML Forms plugin < 1.3.34 - Bulk Delete via CSRF vulnerability

Bulk Delete via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin HTML Forms versions 1.3.34...

CVE-2024-6412

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412 HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412 HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-6412

CVE-2024-6412 affects HTML Forms – Simple WordPress Forms Plugin prior to 1.3.34. Description indicates CSRF checks are missing in some areas, enabling CSRF attacks that could cause logged-in users to perform unintended actions. Connected Patchstack data confirms a fix: upgrade to version 1.3.34 ...

WordPress HTML Forms Plugin < 1.3.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software HTML Forms Type Plugin Vulnerable versions 1.3.34 Fixed in 1.3.34 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6412 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 512deb690c57 Credits Bob Matyas Required...

WordPress plugin HTML Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-37605 · WordPress · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.34 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unintended actions through CSRF attacks...