EUVD-2026-38104

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

WordPress Avada (Fusion) Builder plugin <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability

Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.3...

CVE-2026-0811 Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...

CVE-2026-0811

CVE-2026-0811 affects the Advanced Contact Form 7 DB WordPress plugin, vulnerable in all versions up to 2.0.9 due to missing/incorrect nonce validation in vsz_cf7_save_setting_callback, enabling CSRF-based deletion of form entries. Attack requires an administrator action (e.g., clicking a link) t...

CVE-2026-0811 Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...

WordPress Everest Forms plugin <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata vulnerability

Unauthenticated PHP Object Injection via Form Entry Metadata vulnerability discovered by 0xsabre - Mobikwik in WordPress Plugin Everest Forms versions = 3.4.3...

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nfsetentryupdateid vulnerability discovered by Youssef Elouaer in WordPress Plugin NEX-Forms versions = 9.1.9...

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

PT-2026-25529

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit nex form function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

WordPress Unlimited Elements For Elementor plugin <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability

Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.5...

EUVD-2020-15041

Malware in sbrugna...

EUVD-2020-17337

Malware in sbrugna...

EUVD-2018-8330

Malware in sbrugna...

EUVD-2021-34123

Malicious code in bioql PyPI...

EUVD-2022-7389

Malicious code in bioql PyPI...

CVE-2018-16521

An XML External Entity XXE vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0...

CVE-2025-2565

The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data...

PT-2024-17481 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions up to, and including, 2.17.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the "bitform-form-entry-edit" endpoint. This allows authenticated attacke...

PT-2024-18188 · Bit Form · Contact Form Builder Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress versions up to, and including, 2.10.1 Description: The issue is related to insufficient user validation on the...