Lucene search
K

456 matches found

Cvelist
Cvelist
added 2026/07/01 4:32 a.m.40 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/01 4:32 a.m.9 views

EUVD-2026-40907

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS5.9AI score0.00343EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/20 1:27 a.m.33 views

CVE-2026-9843 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS0.00662EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36970

Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...

6.4CVSS5.1AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.16 views

CVE-2026-49104

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

9.8CVSS0.00476EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 9:17 p.m.7 views

CVE-2026-48835

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...

7.5CVSS0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39594

Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...

6.4CVSS0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.31 views

CVE-2026-49765 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...

9.8CVSS0.00383EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.26 views

CVE-2026-49765

The CVE-2026-49765 entry concerns the WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin (versions &lt;= 1.1.8). The connected sources confirm unauthenticated PHP Object Injection as the vulnerability, with a CVSS 3.1 base score of 9.8 (CRITICAL) and im...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.8 views

CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

9.8CVSS5.3AI score0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.30 views

CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

9.8CVSS0.00476EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 8:19 p.m.29 views

CVE-2026-49105

CVE-2026-49105 concerns the WordPress plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms, with affected versions

9.8CVSS5.3AI score0.00476EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 8:19 p.m.43 views

CVE-2026-49104

CVE-2026-49104 affects the WordPress plugin “Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions

9.8CVSS5.3AI score0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.31 views

CVE-2026-49085 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

9.8CVSS0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-48835 WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...

7.5CVSS0.00305EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36843

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...

7.5CVSS5.1AI score0.00305EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.13 views

CVE-2026-39594

CVE-2026-39594 affects the WordPress plugin Ultra Addons for WPForms (versions

6.4CVSS5.1AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49473

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...

7.5CVSS5.1AI score0.00305EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49513

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49405

Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...

6.4CVSS5.1AI score0.00287EPSS
Exploits0References2
Rows per page
Query Builder