5 matches found

EUVD
added 2026/06/06 2:28 a.m. | 9 views

EUVD-2026-34954

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to and including 1.10.0.1. This is due to the PayPal Commerce webhook endpoint processing unauthenticat...

CVSS 5.3 | AI score 5.4 | EPSS 0.00202
Exploits: 0 | References: 14
Patchstack
added 2025/12/08 7:12 a.m. | 13 views

WordPress Fluent Forms plugin <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability

Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FluentForm versions <= 6.1.7...

CVSS 5.3 | AI score 6.8 | EPSS 0.0025
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/06 6:39 a.m. | 18 views

CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submission_id' parameter due to missing validation on a user controlled key within...

CVSS 5.3 | EPSS 0.0025
Exploits: 0 | References: 2
Patchstack
added 2025/12/04 12:5 a.m. | 4 views

WordPress Beaver Builder – WordPress Page Builder plugin <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Builder Status Tampering vulnerability

Missing Authorization to Authenticated (Contributor+) Builder Status Tampering vulnerability discovered by WordFence in WordPress Plugin Beaver Builder versions <= 2.9.4...

CVSS 4.3 | AI score 6.7 | EPSS 0.00246
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2022/03/18 12:0 a.m. | 3 views

Syltek application data forgery vulnerability

Syltek application is an application. A security vulnerability previously existed in the Syltek application version 10.22.00 that allowed an attacker to spoof a request and bypass the payment system by marking the item as paid without any authentication...

CVSS 7.5 | AI score 7.4 | EPSS 0.00457
Exploits: 0 | References: 2