41 matches found
CVE-2026-39436 WordPress CformsII plugin <= 15.1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3...
WordPress CformsII plugin <= 15.1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ilay Striechman in WordPress Plugin CformsII versions = 15.1.3...
EUVD-2010-3954
Malware in sbrugna...
EUVD-2025-31412
Malicious code in bioql PyPI...
CVE-2025-9898
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...
CVE-2025-9898
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...
CVE-2025-9898
CVE-2025-9898 (cForms – Light speed fast Form Builder for WordPress) is a Cross-Site Request Forgery vulnerability present in all versions up to 3.0.0. The root cause is missing or incorrect nonce validation on the cforms_api function, enabling unauthenticated attackers to modify forms and their ...
CVE-2025-9898 cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery
The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...
WordPress cForms – Light speed fast Form Builder plugin <= 3.0.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin cForms versions = 3.0.0...
WordPress plugin cForms 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-39716
Name of the Vulnerable Software and Affected Versions cForms – Light speed fast Form Builder plugin for WordPress versions through 3.0.0 Description The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the cforms api function. This allows...
CVE-2023-25449
Cross-Site Request Forgery CSRF vulnerability in Oliver Seidel, Bastian Germann cformsII plugin = 15.0.4 versions...
WordPress cforms2 plugin cross-site scripting vulnerability (CNVD-2019-30758)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. cforms2 is a form builder plugin used in it. A cross-site scripting vulnerability exists in the WordPress cforms2 plugin. An...
WordPress cforms2 plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. cforms2 is a form builder plugin used in it. A cross-site scripting vulnerability exists in WordPress cforms2 plugin versions prio...
Cforms & CformsII < 14.13.3 - Multiple XSS
...
Cforms & CformsII < 14.6.10 - SQL Injection
...
WordPress Plugin Cforms 14.7 - Remote Code Execution
WordPress Plugin Cforms 14.7 - Remote Code Execution Exploit Title: Remote Code Execution via Unauthorised File upload in Cforms 14.7 Date: 2015-01-19 Exploit Author: Zakhar Vendor Homepage: https://wordpress.org/plugins/cforms2/ Software Link: https://downloads.wordpress.org/plugin/cforms2.zip...
WordPress Cforms Plugin 14.7 - Remote Code Execution
Cforms plugin is prone to a remote code execution vulnerability, because of script does not check remotely cached files properly. Also, it can attack URL. Solution Upgrade the plugin...
WordPress Plugin Cforms 14.7 - Remote Code Execution
Exploit Title: Remote Code Execution via Unauthorised File upload in Cforms 14.7 Date: 2015-01-19 Exploit Author: Zakhar Vendor Homepage: https://wordpress.org/plugins/cforms2/ Software Link: https://downloads.wordpress.org/plugin/cforms2.zip Version: 14.7 Tested on: Wordpress 4.0 CVE : 2014-9473...
Remote Code Execution via Unauthorised File upload in Cforms 14.7
Advisory: Remote Code Execution via Unauthorised File upload in Cforms 14.7 Advisory ID: - Author: Zakhar Fedotkin Affected Software: Wordpress Plugin Cforms II 14.x-14.7 Release: 12th Nov 2014 Vendor URL: https://wordpress.org/plugins/cforms2/ Vendor Status: fixed CVE-ID: -...