Malicious Package

Overview use-form-builder-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

MAL-2026-2529 Malicious code in use-form-builder-plugin (npm)

Package is malware. Collects system info, exfiltrates data via HTTP/DNS, executes commands, and uses preinstall script for auto-execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdced38cb2f5f34bb91f39b16697369424bf1cbde84ca18363e78454b31d6ddc The packag...

EUVD-2024-51717

Malicious code in bioql PyPI...

CVE-2025-31915 WordPress Pixel Form BuilderPlugin & Autoresponder plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder pixel-formbuilder allows Cross Site Request Forgery.This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through = 1.0.3...

CVE-2025-31915 WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n/a through 1.0.2...

CVE-2024-10504

The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks...

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3...

CVE-2022-45803

CVE-2022-45803 affects the WordPress plugin “WordPress Form Builder Plugin – Gutenberg Forms” (

WordPress plugin Hash Form Drag Drop Form Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2023-6828

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This...

CVE-2023-6842

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input...

CVE-2023-5990

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

CVE-2023-44474

CVE-2023-44474 concerns the Tiger Forms – Drag and Drop Form Builder WordPress plugin. The vulnerability is an unauthenticated, reflected Cross-Site Scripting (XSS) flaw affecting versions ≤ 2.0.0. Root cause details are not explicitly provided beyond the XSS classification, but public sources co...

CVE-2023-23795 WordPress Form Builder Plugin <= 1.9.9.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Muneeb Form Builder plugin = 1.9.9.0 versions...

WordPress plugin Form Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2023-0695

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in MonitorClick Forms Ada – Form Builder plugin = 1.0 versions...

CVE-2023-27613 WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in MonitorClick Forms Ada – Form Builder plugin = 1.0 versions...

CVE-2023-27613

CVE-2023-27613 affects WordPress plugin Forms Ada – Form Builder (MonitorClick Forms Ada) ≤ 1.0. It is an unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization, allowing injected script to be reflected in responses. Impact is limited to clie...

CVE-2021-36821

Summary of CVE-2021-36821 – WordPress Forminator stored XSS : The vulnerability affects the Forminator plugin for WordPress, with versions up to and including 1.14.11. The underlying issue is improper neutralization of input during web page generation, resulting in stored Cross-Site Scripting (XS...