WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.52.1...

EUVD-2026-27229

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1filefilepath' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...

CVE-2026-5192 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1filefilepath' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...

CVE-2026-5192

The CVE concerns the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder

CVE-2026-5192 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1filefilepath' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...

WordPress plugin Forminator 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-69311

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.1...

CVE-2025-69311

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.1...

LiteLLM 安全漏洞

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. A security vulnerability exists in LiteLLM v1.52.1, which stems from an error in the parsing team settings that resulted in the disclosure of Langfuse API keys, potentially leading to the...

WordPress plugin Advanced Ads 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-28517 · WordPress · Advanced Ads

Name of the Vulnerable Software and Affected Versions: Advanced Ads – Ad Manager & AdSense plugin for WordPress versions up to and including 1.52.1 Description: The issue is related to Stored Cross-Site Scripting via the Advanced Ad widget due to insufficient input sanitization and output escapin...

WordPress Advanced Ads plugin <= 1.52.1 - Authenticated (Admin+) PHP Object Injection vulnerability

Authenticated Admin+ PHP Object Injection vulnerability discovered by ST in WordPress Plugin Advanced Ads versions = 1.52.1...