
121 matches found

NVD
added yesterday, 5 views

CVE-2026-9145

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

CVSS 6.5, EPSS 0.00372
Exploits: 0, References: 5

Cvelist
added 2 days ago, 37 views

CVE-2026-11562 WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

EPSS 0.00162
Exploits: 0, References: 1

Patchstack
added 2026/06/17 4:13 p.m., 6 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions <= 1.15.43...

CVSS 4.9, AI score 5.9, EPSS 0.00355
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/06/17 4:12 p.m., 7 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions <= 1.15.43...

CVSS 4.9, AI score 5.9, EPSS 0.00355
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/06/15 8:18 p.m., 5 views

CVE-2026-42659 WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerability

Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions...

CVSS 6.5, AI score 5.1, EPSS 0.00271
Exploits: 0, References: 1

CVE
added 2026/06/15 8:17 p.m., 21 views

CVE-2026-39502

This CVE concerns the WordPress plugin Form Maker by 10Web (versions <= 1.15.38). The issue is described as an Unauthenticated SQL Injection vulnerability in Form Maker by 10Web

CVSS 9.3, AI score 5.7, EPSS 0.00283
Exploits: 0, References: 1

Cvelist
added 2026/06/15 8:17 p.m., 28 views

CVE-2026-39502 WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions...

CVSS 9.3, EPSS 0.00283
Exploits: 0, References: 1

Vulnrichment
added 2026/06/15 8:17 p.m., 6 views

CVE-2026-39502 WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions...

CVSS 9.3, AI score 5.8, EPSS 0.00283
Exploits: 0, References: 1

EUVD
added 2026/06/10 7:50 a.m., 14 views

EUVD-2026-35995

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

CVSS 4.4, AI score 5.7, EPSS 0.00201
Exploits: 0, References: 6

NVD
added 2026/05/23 7:16 p.m., 15 views

CVE-2018-25346

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

CVSS 7.1, EPSS 0.00197
Exploits: 0, References: 2

EUVD
added 2026/05/23 6:30 p.m., 10 views

EUVD-2018-21866

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

CVSS 7.1, AI score 5.9, EPSS 0.00197
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/22 7:50 a.m., 8 views

CVE-2026-8692

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

CVSS 4.3, AI score 5.8, EPSS 0.00225
Exploits: 0, References: 9

CVE
added 2026/05/15 7:46 a.m., 29 views

CVE-2026-5229

The Form Notify plugin for WordPress is vulnerable to an Authentication Bypass in versions up to 1.1.10 due to trusting user-controlled cookie data to select the WordPress account after a LINE OAuth login. If LINE omits an email address, the plugin uses the 'form_notify_line_email' cookie without...

CVSS 9.8, AI score 5.8, EPSS 0.0073
Exploits: 1, References: 10

Cvelist
added 2026/05/14 8:24 a.m., 38 views

CVE-2026-6206 MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

CVSS 5.3, EPSS 0.00351
Exploits: 0, References: 3

Positive Technologies
added 2026/05/10 12:0 a.m., 15 views

PT-2026-39484

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form id parameter. Attackers can craft malicious URLs to code generator.php with script payloads in the form id paramete...

CVSS 6.1, AI score 6, EPSS 0.00208
Exploits: 0, References: 4

Patchstack
added 2026/04/16 10:3 a.m., 7 views

WordPress Form Maker by 10Web plugin <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability

Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Form Maker by 10Web versions <= 1.15.40...

CVSS 7.2, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/04/14 11:0 a.m., 5 views

WordPress Form Maker plugin < 1.15.38 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hiariz in WordPress Plugin Form Maker by 10Web versions < 1.15.38...

CVSS 6.8, AI score 6, EPSS 0.00272
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/04/08 8:25 p.m., 1 views

CVE-2026-5436 MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

CVSS 8.1, AI score 6.4, EPSS 0.01069
Exploits: 0, References: 5

Cvelist
added 2026/04/08 8:25 p.m., 35 views

CVE-2026-5436 MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

CVSS 8.1, EPSS 0.01069
Exploits: 0, References: 5

Patchstack
added 2026/04/08 10:34 a.m., 7 views

WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Form Maker by 10Web versions <= 1.15.38...

AI score 6, EPSS 0.00283
Exploits: 0, Affected Software: 1