60 matches found
CVE-2025-11977
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...
CVE-2025-11977 HappyForms <= 1.26.12 - Authenticated (Admin+) Local File Inclusion
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...
CVE-2025-11977
The CVE-2025-11977 entry concerns the WordPress plugin Happyforms – Form Builder for WordPress (drag & drop forms, surveys, payments, multipurpose forms). A Local File Inclusion vulnerability exists in all versions up to and including 1.26.12 via the happyforms_get_form_partial() function. Exploi...
EUVD-2025-210450
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...
WordPress Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin <= 1.26.12 - Authenticated (Admin+) Local File Inclusion vulnerability
Authenticated Admin+ Local File Inclusion vulnerability discovered by Rahul Sreenivasan Tr0j4n in WordPress Plugin Happyforms versions = 1.26.12...
CVE-2026-49768
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
CVE-2026-49768
CVE-2026-49768 affects the WordPress plugin Happyforms (versions ≤ 1.26.13). The vulnerability is an unauthenticated PHP Object Injection in Happyforms, caused by an unsafe object deserialization path. Impact is described as high for confidentiality, integrity, and availability, with a CVSS 3.1 b...
EUVD-2026-36891
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
CVE-2026-49768 WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
PT-2026-49514
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by longnv719 in WordPress Plugin Happyforms versions = 1.26.13...
EUVD-2024-21016
Malicious code in bioql PyPI...
EUVD-2023-52785
Malicious code in bioql PyPI...
EUVD-2024-40843
Malicious code in bioql PyPI...
CVE-2024-44063
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0...
CVE-2024-23521
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...
CVE-2023-48752
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, gro...
CVE-2023-0096
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10054
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Happyforms plugin < 1.26.3 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Happyforms versions 1.26.3...