CVE-2025-1294

The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

EUVD-2025-28206

Malicious code in bioql PyPI...

CVE-2025-48333

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm - WordPress Form Builder: from n/a through 4.19.1...

CVE-2025-48333

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm - WordPress Form Builder: from n/a through 4.19.1...

CVE-2025-48333 WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPQuark eForm - WordPress Form Builder wp-fsqm-pro allows Reflected XSS.This issue affects eForm - WordPress Form Builder: from n/a through 4.19.1...

CVE-2025-48333

CVE-2025-48333 affects WPQuark eForm (WP eForm - WordPress Form Builder) with a Reflected XSS due to improper input neutralization during web page generation. The vulnerability is tracked in CVE-2025-48333 and has a CVSS v3.1 base score of 7.1 (HIGH): Network attack vector, Low confidentiality/In...

CVE-2025-48333 WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPQuark eForm - WordPress Form Builder allows Reflected XSS. This issue affects eForm - WordPress Form Builder: from n/a through n/a...

PT-2025-25687 · WordPress · Eform

Name of the Vulnerable Software and Affected Versions: eForm - WordPress Form Builder affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potentia...

WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability

WordPress eForm - WordPress Form Builder 4.19.1 - Cross Site Scripting XSS Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin eForm - WordPress Form Builder versions 4.19.1...

CVE-2025-1294 eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting

The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2025-1294 eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting

The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

CVE-2025-1294

CVE-2025-1294 : The eForm - WordPress Form Builder plugin for WordPress is affected by a stored XSS vulnerability in all versions up to and including 4.18.0, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts that execu...

PT-2025-17847 · WordPress · Eform

Name of the Vulnerable Software and Affected Versions: eForm - WordPress Form Builder plugin versions up to, and including, 4.18.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to...

WordPress plugin eForm 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

Evolution 1.1 and Prior Remote Execution

Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.1 Vulnerability Type: Remote Code Execution Report Date: 2016-November-08 Fixed Date: 2016-November-12 Description The following components distributed with all versions of MODX Evolution and 0.9.x contain a vulnerability, th...

epic.epd.gov.hk XSS vulnerability

Vulnerable URL: https://epic.epd.gov.hk/eForm/cnp/download.jsp?lang=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 10:35 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...