PT-2026-39484

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form id parameter. Attackers can craft malicious URLs to code generator.php with script payloads in the form id paramete...

CVE-2025-69326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

PT-2026-21140

Name of the Vulnerable Software and Affected Versions Basix NEX-Forms versions through 9.1.7 Description The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means that malicious code can be embedded in we...

PT-2026-21142

Name of the Vulnerable Software and Affected Versions Basix NEX-Forms versions through 9.1.7 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This allows an attacke...

CVE-2025-13205

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the...

CVE-2025-13139

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to...

WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

EUVD-2023-56248

Malicious code in bioql PyPI...

EUVD-2023-55629

Malicious code in bioql PyPI...

EUVD-2025-15472

Malicious code in bioql PyPI...

EUVD-2022-48657

Malicious code in bioql PyPI...

CVE-2024-13451

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing...

CVE-2025-48333

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm - WordPress Form Builder: from n/a through 4.19.1...

CVE-2025-48333 WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm - WordPress Form Builder: from n/a through 4.19.1...

CVE-2025-48333

CVE-2025-48333 affects WPQuark eForm (WP eForm - WordPress Form Builder) with a Reflected XSS due to improper input neutralization during web page generation. The vulnerability is tracked in CVE-2025-48333 and has a CVSS v3.1 base score of 7.1 (HIGH): Network attack vector, Low confidentiality/In...

CVE-2023-51536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS.This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2...

PT-2025-22685 · WordPress · Pixel Wordpress Form Builderplugin & Autoresponder

Name of the Vulnerable Software and Affected Versions: Pixel WordPress Form BuilderPlugin & Autoresponder versions 1.0.2 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for Blind...

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3...

CVE-2025-31915

Cross-Site Request Forgery CSRF vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through = 1.0.3...

CVE-2025-31915 WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2...