CVE-2026-9815

The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a form's per-field extension allowlist is left empty, allowing unauthenticated attackers to upload PHP files and execute arbitrary code on the server...

CVE-2026-9815

The CVE-2026-9815 entry concerns the MagicForm WordPress plugin (versions up to 0.1.3). The affected component is the file upload path via an unauthenticated AJAX action, where the per-field extension allowlist being empty leads to improper validation of uploaded file types. As a result, unauthen...

EUVD-2025-1936

Malicious code in bioql PyPI...

EUVD-2022-50352

Malicious code in bioql PyPI...

CVE-2025-0939

The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...

CVE-2022-47592

Reflected Cross-Site Scripting XSS vulnerability in Dmytriy.Cooperman MagicForm plugin = 0.1 versions...

CVE-2025-0939

The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...

CVE-2025-0939

The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...

CVE-2025-0939 MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization

The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...

WordPress plugin MagicForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2022-47592

Reflected Cross-Site Scripting XSS vulnerability in Dmytriy.Cooperman MagicForm plugin = 0.1 versions...

CVE-2022-47592

Reflected Cross-Site Scripting XSS vulnerability in Dmytriy.Cooperman MagicForm plugin = 0.1 versions...

CVE-2022-47592

CVE-2022-47592 is a reflected XSS in the WordPress MagicForm plugin &lt;= 0.1 (Dmytriy.Cooperman). The vulnerability arises from insufficient sanitization/escaping of input, allowing an attacker to inject scripts via a reflected parameter. Exploitation is unauthenticated and network-based; the CV...

CVE-2022-47592 WordPress MagicForm Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting XSS vulnerability in Dmytriy.Cooperman MagicForm plugin = 0.1 versions...

WordPress plugin MagicForm 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...