WordPress RegistrationMagic plugin < 6.0.7.2 - Subscriber+ Form Creation vulnerability

Subscriber+ Form Creation vulnerability discovered by bRpsd in WordPress Plugin RegistrationMagic versions 6.0.7.2...

CVE-2026-0929 RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

CVE-2026-0929 RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

CVE-2026-0929

The CVE concerns the RegistrationMagic WordPress plugin prior to version 6.0.7.2, which lacks proper capability checks. This allows users with subscriber level (and higher) to create forms on the site. The description specifies the affected plugin and version, and the impact is unauthorized form ...

CVE-2026-0929

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

WordPress plugin RegistrationMagic 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-13722

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

PT-2026-1605

Name of the Vulnerable Software and Affected Versions Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions through 6.1.7 Description The Fluent Forms plugin for WordPress is affected by a missing authorization issue. Capability check...

WordPress plugin Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 安全漏洞

...

WordPress Fluent Forms plugin <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Form Creation via AI Builder vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin FluentForm versions = 6.1.7...

iccDEV 安全漏洞

iccDEV is a color configuration codebase open-sourced by the International Color Consortium ICC. A security vulnerability exists in iccDEV 2.3.1 and earlier versions, which stems from the presence of post-release reuse in the CIccXform::Create function, which could lead to a post-release reuse...

PT-2025-51376

Name of the Vulnerable Software and Affected Versions JetFormBuilder versions up to and including 3.5.3 Description The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress has a flaw that allows unauthorized modification of data. A missing capability check on the run callback functi...

CVE-2025-10309

The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and...

EUVD-2025-30312

Malicious code in bioql PyPI...

CVE-2025-10309

The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and...

CVE-2025-10309 PayPal Forms <= 1.0.3 - Cross-Site Request Forgery

The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the form creation and management functions. This makes it possible for unauthenticated attackers to create new PayPal forms and...

CVE-2025-10489

The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the registerposttypes function in all versions up to, and including, 1.12.0. This makes it...

CVE-2025-10489

The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the registerposttypes function in all versions up to, and including, 1.12.0. This makes it...

CVE-2025-10489 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation

The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the registerposttypes function in all versions up to, and including, 1.12.0. This makes it...