Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/02 5:29 a.m.3 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:59 a.m.19 views

CVE-2024-1668

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents...

6.5CVSS6.5AI score0.00658EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-18212 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & WooCommerce theme for WordPress versions up to and including 7.11.5 Description: The issue allows authenticated attackers with contributor access and above to view the contents of all form submissions,...

6.5CVSS9.3AI score0.00658EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/05/26 5:15 p.m.4 views

CVE-2023-2817

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions = 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively...

5.4CVSS6AI score0.00444EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/03/04 12:0 a.m.4 views

PT-2019-19714 · WordPress · Forminator Contact Form

Name of the Vulnerable Software and Affected Versions: Forminator Contact Form, Poll & Quiz Builder plugin version 1.6 and earlier Description: The issue concerns SQL Injection via the "wp-admin/admin.php?page=forminator-entries" entry parameter, which can be exploited if the attacker has the...

6.5CVSS6.8AI score0.01574EPSS
Exploits1References7
Rows per page
Query Builder