WordPress Piotnet Forms plugin <= 2.1.40 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Piotnet Forms versions = 2.1.40...

CVE-2026-4883

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

CVE-2026-4883

Piotnet Forms for WordPress (v2.1.40 and earlier) is affected by a vulnerability in the piotnetforms_ajax_form_builder function, where missing file type validation and an incomplete extension blacklist allow unauthenticated arbitrary file uploads. Since the blacklist only blocks php, phpt, php5, ...

WordPress plugin Piotnet Forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

EUVD-2025-30672

Malicious code in bioql PyPI...

WordPress Piotnet Forms Plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin Piotnet Forms versions = 1.0.30...

WordPress plugin Piotnet Forms 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress plugin Piotnet Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Piotnet Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Piotnet Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-6220

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

WordPress Plugin Piotnet Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Plugin Piotnet Forms Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in...