14 matches found
CVE-2025-12528
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...
CVE-2025-12528
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...
CVE-2025-12528
CVE-2025-12528 concerns the Pie Forms for WP WordPress plugin (versions <= 1.6). The issue is an Arbitrary File Upload due to insufficient file-type validation: validate_classic checks extensions but does not stop the upload, enabling unauthenticated attackers to upload dangerous extensions (e...
EUVD-2025-197948
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...
CVE-2025-12528 Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...
CVE-2025-12528 Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload
The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...
PT-2025-47259
Name of the Vulnerable Software and Affected Versions Pie Forms for WP plugin for WordPress versions prior to 1.7 Description The Pie Forms for WP plugin for WordPress is susceptible to an Arbitrary File Upload issue through the format classic function. Insufficient file type validation within th...
WordPress plugin Pie Forms for WP 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
WordPress Pie Forms for WP plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Vanh - GCSC in WordPress Plugin Drag & Drop Builder versions = 1.6...
WordPress plugin Pie Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Forms by Pie Forms plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to Forms by Pie Forms plugin 1.4.9.4, whi...
WordPress Forms by Pie Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to Forms by Pie Forms plugin 1.4.9.4, whi...
WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a form, go to the Form Settings - General Settings and put the following payload in the "Form...
WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a form, go to the Form Settings - General Settings and put the following payload in the...