Lucene search
K

779 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-11578

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

2.7CVSS0.00168EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-41253

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago40 views

CVE-2026-11578 Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

0.00168EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-11578

The CVE concerns the Fluent Forms WordPress plugin prior to 6.2.5, where deletion of form submission entries is not properly restricted to forms a restricted Manager is authorized to manage. This misconfiguration allows a Manager limited to specific forms to permanently delete submission entries ...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-11794

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...

8.1CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-1239

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-11794 Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...

0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-1239 Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing authorization check on the 'ninja-forms-views/token/refresh' REST callback in all versions up to, and including, 3.14.1. This makes it possible for...

7.5CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 5 days ago20 views

CVE-2026-1239

The CVE-2026-1239 entry concerns the WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You. A missing authorization check on the REST callback ninja-forms-views/token/refresh affects all versions up to and including 3.14.1, permitting unauthenticated attackers to view form s...

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2026/06/27 6:16 a.m.10 views

CVE-2026-12404

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/06/27 5:33 a.m.21 views

CVE-2026-12404

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to and including 9.2.2 are vulnerable to an authorization bypass due to improper verification of user permissions. This allows unauthenticated attackers to enumerate sequential report IDs and download complete f...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-12094 Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.11 views

CVE-2026-12094

The CVE describes a vulnerability in the Advanced Contact Form 7 - Compact DB plugin for WordPress (versions delete() on the wp_cf7cdb_data table, using an attacker-supplied integer ID. This allows unauthenticated attackers to delete arbitrary contact form submission entries by enumerating primar...

5.3CVSS6AI score0.00295EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.5 views

WordPress Advanced Contact Form 7 – Compact DB plugin <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Advanced Contact Form 7 – Compact DB versions = 1.0.0...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-48505

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...

7.4CVSS0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 9:39 p.m.24 views

CVE-2026-48505 Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not...

7.4CVSS0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51391

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions prior to 5.6.5 Description A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This...

7.4CVSS5.9AI score0.00193EPSS
Exploits0References7
NVD
NVD
added 2026/06/18 6:16 a.m.9 views

CVE-2026-12120

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'formid' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

5.3CVSS0.00331EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 4:31 a.m.9 views

EUVD-2026-37839

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'formid' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

5.3CVSS5.4AI score0.00331EPSS
Exploits0References10
CVE
CVE
added 2026/06/18 4:31 a.m.19 views

CVE-2026-12120

The CVE-2026-12120 entry describes a vulnerability in the WordPress plugin FireBox Popups – Increase Sales and Grow Your Email List. Affected versions are all up to and including 3.1.7, with exploitation via the form_id parameter allowing unauthenticated attackers to retrieve a full CSV export of...

5.3CVSS5.5AI score0.00331EPSS
Exploits0References10
Rows per page
Query Builder