Lucene search
K

431 matches found

CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

WordPress plugin Contact Form by WPForms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/03/23 10:16 p.m.4 views

CVE-2026-32278

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS0.00197EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/23 9:28 p.m.1 views

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS5.7AI score0.00197EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 9:28 p.m.3 views

CVE-2026-32278

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS5.7AI score0.00197EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/23 9:28 p.m.24 views

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS0.00197EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 9:28 p.m.10 views

CVE-2026-32278

Connect CMS has a Stored XSS vulnerability in the Form Plugin file field. Affected versions are 1.x up to 1.41.0 and 2.x up to 2.41.0. The issue can allow arbitrary script execution in an administrator’s browser if exploited. Patched versions are 1.41.1 and 2.41.1. Remediation is to upgrade the F...

8.2CVSS5.7AI score0.00197EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/23 9:28 p.m.5 views

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS5.8AI score0.00197EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/23 8:36 p.m.3 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload in the file field of the Form Plugin. An attacker can execute arbitrary scripts in an administrator's browser by uploading specially crafted files, potentially leading to unauthorized actions or information theft...

8.6CVSS6.1AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/23 8:36 p.m.11 views

EUVD-2026-14570

Connect CMS has Stored Cross-site Scripting XSS in the File Field of its Form Plugin...

8.2CVSS5.8AI score0.00197EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/23 8:36 p.m.6 views

Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Security Advisory — Form Plugin Stored XSS Summary A Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the file field of the Form Plugin, Stored...

8.2CVSS5.9AI score0.00197EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/23 8:36 p.m.2 views

GHSA-MV3P-7P89-WQ9P Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Security Advisory — Form Plugin Stored XSS Summary A Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the file field of the Form Plugin, Stored...

8.2CVSS5.9AI score0.00197EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

OpenSource-WorkShop Connect-CMS 代码问题漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities due to cross-site scripting vulnerabilities in the Form Plugin file fields,...

8.2CVSS5.7AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27230

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS5.7AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.10 views

PT-2026-26882

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded File::set from array' method accepting user-supplied file paths from the Media Field preset JSON payload without validating...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/03/15 1:19 a.m.37 views

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/13 11:41 a.m.25 views

CVE-2026-32332 WordPress Easy Form plugin <= 2.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.9...

5.3CVSS0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.6 views

WordPress plugin Easy Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.13 views

WordPress plugin CP Contact Form with Paypal SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.5CVSS5.8AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 9:31 a.m.6 views

EUVD-2026-11125

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/08 7:56 a.m.6 views

CVE-2026-2420

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level...

4.4CVSS5.7AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder