Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 2026/04/08 9:31 a.m.2 views

EUVD-2026-20119

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS6.1AI score0.00014EPSS
Exploits0References8
NVD
NVDadded 2026/04/08 7:16 a.m.0 views

CVE-2026-5169

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS0.00014EPSS
Exploits0References7
CVE
CVEadded 2026/04/08 6:43 a.m.3 views

CVE-2026-5169

CVE-2026-5169 concerns the WordPress plugin “Inquiry Form to Posts or Pages” (versions

4.4CVSS6.1AI score0.00014EPSS
Exploits0References7
Cvelist
Cvelistadded 2026/04/08 6:43 a.m.17 views

CVE-2026-5169 Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS0.00014EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/04/08 12:0 a.m.0 views

PT-2026-31103

Name of the Vulnerable Software and Affected Versions The Inquiry Form to Posts or Pages plugin for WordPress versions up to and including 1.0. Description The Inquiry Form to Posts or Pages plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'Form Header' field. This...

4.4CVSS5.9AI score0.00014EPSS
Exploits0References10
Positive Technologies
Positive Technologiesadded 2024/04/08 12:0 a.m.2 views

PT-2024-21980

Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier Description: An issue in GNU Savane allows a remote attacker to escalate privileges via the form id in the form header function. Recommendations: For GNU Savane versions 3.12 and earlier, as a temporary...

8.8CVSS6.6AI score0.021EPSS
Exploits1References6
CNNVD
CNNVDadded 2024/04/08 12:0 a.m.1 views

GNU Savane 安全漏洞

GNU Savane is a collaborative software development management system developed by the GNU community for project management, code hosting and community collaboration. GNU Savane suffers from an elevation of privilege vulnerability, which originates in the formid in the formheader function and can ...

8.8CVSS7.5AI score0.021EPSS
Exploits1References4
wpexploit
wpexploitadded 2022/06/01 12:0 a.m.133 views

Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...

5.4CVSS0.2AI score0.00197EPSS
Exploits2
Rows per page
Query Builder