Lucene search
+L

40 matches found

CVE
CVE
added 6 days ago16 views

CVE-2026-9017

The CVE describes an authorization bypass in the NEX-Forms – Ultimate Forms Plugin for WordPress (vulnerable up to and including 9.2.2). The underlying issue is that the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to overwrite...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
Patchstack
Patchstack
added last week6 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability discovered by Michael Iden Mickhat in WordPress Plugin NEX-Forms versions = 9.2.2...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/20 1:27 a.m.12 views

EUVD-2026-38104

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS6.7AI score0.00662EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/18 5:36 p.m.12 views

WordPress Avada (Fusion) Builder plugin <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability

Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.3...

9.1CVSS5.3AI score0.01193EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 5:25 p.m.27 views

CVE-2026-0811 Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...

5.4CVSS0.00136EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 5:25 p.m.4 views

CVE-2026-0811 Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References3
CVE
CVE
added 2026/04/08 5:25 p.m.10 views

CVE-2026-0811

CVE-2026-0811 affects the Advanced Contact Form 7 DB WordPress plugin, vulnerable in all versions up to 2.0.9 due to missing/incorrect nonce validation in vsz_cf7_save_setting_callback, enabling CSRF-based deletion of form entries. Attack requires an administrator action (e.g., clicking a link) t...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/08 6:58 a.m.9 views

WordPress Everest Forms plugin <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata vulnerability

Unauthenticated PHP Object Injection via Form Entry Metadata vulnerability discovered by 0xsabre - Mobikwik in WordPress Plugin Everest Forms versions = 3.4.3...

9.8CVSS5.9AI score0.00878EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/03/17 6:35 a.m.7 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nfsetentryupdateid vulnerability discovered by Youssef Elouaer in WordPress Plugin NEX-Forms versions = 9.1.9...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:19 a.m.3 views

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/15 1:19 a.m.1 views

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.6 views

PT-2026-25529

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit nex form function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/11 9:16 a.m.7 views

WordPress Unlimited Elements For Elementor plugin <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability

Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability discovered by WordFence in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.5...

7.2CVSS5.8AI score0.00345EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-8330

Malware in sbrugna...

9.8CVSS9.5AI score0.01916EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-17337

Malware in sbrugna...

8.8CVSS8.6AI score0.0315EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-15041

Malware in sbrugna...

9.8CVSS9.2AI score0.02983EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2021-34123

Malicious code in bioql PyPI...

6.1CVSS4.9AI score0.00931EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7389

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00592EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 a.m.9 views

CVE-2018-16521

An XML External Entity XXE vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0...

9.8CVSS6.8AI score0.01916EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 5:21 p.m.31 views

CVE-2025-2565

The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data...

5.1CVSS6.8AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder