Lucene search
+L

1066 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.3 views

CVE-2026-24373

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-32385

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

5.4CVSS5.8AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.8 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.6 views

CVE-2026-1454

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

7.2CVSS6AI score0.00241EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/26 12:33 a.m.8 views

Malicious code in @opengov/form-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19bbc2729962e719c0df5dd96e17dd7ceb90a0a5506ebb318cc50c19b6fe8bb8 The package @opengov/form-builder was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/26 12:33 a.m.6 views

MAL-2026-2210 Malicious code in @opengov/form-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19bbc2729962e719c0df5dd96e17dd7ceb90a0a5506ebb318cc50c19b6fe8bb8 The package @opengov/form-builder was found to contain malicious code. Source: google-open-source-security...

5.9AI score
Exploits0References3
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15903

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.8 views

EUVD-2026-15569

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...

5.8AI score0.00376EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.7 views

CVE-2026-32532

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

7.1CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-24373

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...

8.1CVSS0.00376EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:15 p.m.12 views

CVE-2026-32532

WordPress plugin: Contact Form & Lead Form Elementor Builder (versions ≤ 2.0.1) has a Cross Site Scripting (XSS) vulnerability. Discovered by daroo. The Patchstack entry confirms the affected plugin and the XSS issue; no fix version is stated in the provided documents.

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.4 views

CVE-2026-32525

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...

5.8AI score0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-32498 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

5.8AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.8 views

PT-2026-28012

Name of the Vulnerable Software and Affected Versions RegistrationMagic versions prior to 6.0.7.7 Description A missing authorization flaw exists in the RegistrationMagic custom-registration-form-builder-with-submission-manager. This issue allows exploitation of incorrectly configured access...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/24 8:31 a.m.14 views

WordPress ARForms plugin <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution vulnerability

Unauthenticated Blind Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin ARForms Form Builder versions = 1.7.2...

5.6CVSS5.8AI score0.00268EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.7 views

EUVD-2026-14178

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/03/21 4:17 a.m.7 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS0.00231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.4 views

CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:26 a.m.10 views

CVE-2026-3546

The CVE concerns the WordPress plugin e-shot form builder (≤ v1.0.2). The vulnerable component is eshot_form_builder_get_account_data(), registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks capability checks (no current_user_can) and does not verify a no...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.7 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References6
Rows per page
Query Builder