62 matches found
CVE-2025-11977
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...
CVE-2025-11977 HappyForms <= 1.26.12 - Authenticated (Admin+) Local File Inclusion
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...
EUVD-2025-210450
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...
CVE-2025-11977
The CVE-2025-11977 entry concerns the WordPress plugin Happyforms – Form Builder for WordPress (drag & drop forms, surveys, payments, multipurpose forms). A Local File Inclusion vulnerability exists in all versions up to and including 1.26.12 via the happyforms_get_form_partial() function. Exploi...
CVE-2025-11977
The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...
PT-2026-57111
Name of the Vulnerable Software and Affected Versions Happyforms – Form Builder for WordPress versions prior to 1.26.13 Description The plugin is subject to Local File Inclusion, a condition where an application includes files from the local file system without proper validation. This occurs...
WordPress Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin <= 1.26.12 - Authenticated (Admin+) Local File Inclusion vulnerability
Authenticated Admin+ Local File Inclusion vulnerability discovered by Rahul Sreenivasan Tr0j4n in WordPress Plugin Happyforms versions = 1.26.12...
CVE-2026-49768
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
CVE-2026-49768
CVE-2026-49768 affects the WordPress plugin Happyforms (versions ≤ 1.26.13). The vulnerability is an unauthenticated PHP Object Injection in Happyforms, caused by an unsafe object deserialization path. Impact is described as high for confidentiality, integrity, and availability, with a CVSS 3.1 b...
CVE-2026-49768 WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
EUVD-2026-36891
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
PT-2026-49514
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by longnv719 in WordPress Plugin Happyforms versions = 1.26.13...
EUVD-2024-40843
Malicious code in bioql PyPI...
EUVD-2023-52785
Malicious code in bioql PyPI...
EUVD-2024-21016
Malicious code in bioql PyPI...
CVE-2024-44063
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0...
CVE-2024-23521
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10...
CVE-2023-48752
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in touch with visitors, gro...
CVE-2023-0096
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...