Lucene search
K

431 matches found

Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1572

Name of the Vulnerable Software and Affected Versions Bit Form – Contact Form Plugin versions prior to 2.21.7 Description The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...

6.5CVSS6.7AI score0.0035EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.25 views

CVE-2025-66117 WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.8...

7.5CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.14 views

CVE-2025-66117

CVE-2025-66117 corresponds to a Missing Authorization/Broken Access Control issue in the WordPress plugin Easy Form . Affected: Easy Form versions up to and including 2.7.8 . The vulnerability arises from incorrectly configured access control, enabling exploitation due to missing authorization. M...

7.5CVSS6.6AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.3 views

CVE-2025-14365 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary WooCommerce...

5.3CVSS5.6AI score0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.28 views

CVE-2025-14365 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing capability checks on the RemoveItems AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary WooCommerce...

5.3CVSS0.00227EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51066

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

5.3CVSS6.1AI score0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

WordPress plugin Contact Form by BestWebSoft 安全漏洞

...

4.3CVSS5.8AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 1:25 a.m.4 views

GHSA-662M-56V4-3R8F Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass

Summary A Server-Side Template Injection SSTI vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak...

8.7CVSS7.8AI score0.0264EPSS
Exploits4References4
Patchstack
Patchstack
added 2025/11/28 5:22 p.m.4 views

WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Easy Form versions = 2.7.8...

7.5CVSS7AI score0.0023EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2025/11/25 12:0 a.m.2 views

WordPress Gutenverse Form plugin missing authorization vulnerability

WordPress Gutenverse Form plugin is a form builder plugin designed for WordPress' Gutenberg block editor, designed to help users create feature-rich forms without writing code. A lack of authorization vulnerability exists in WordPress Gutenverse Form plugin, which can be exploited by attackers to...

7.3CVSS6.8AI score0.00272EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/25 12:0 a.m.2 views

WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability

WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...

5.3CVSS6.5AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2025/11/22 7:29 a.m.26 views

CVE-2025-13384

The WordPress plugin CP Contact Form with PayPal (

7.5CVSS5.9AI score0.00324EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.5 views

WordPress plugin Gutenverse Form 安全漏洞

WordPress Gutenverse Form plugin is a form builder plugin designed for WordPress' Gutenberg block editor, designed to help users create feature-rich forms without writing code. A lack of authorization vulnerability exists in WordPress Gutenverse Form plugin, which can be exploited by attackers to...

6.5CVSS6.7AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2025/10/29 9:27 a.m.16 views

CVE-2015-10147

CVE-2015-10147 summary (NORMAL) The Easy Testimonial Slider and Form WordPress plugin is vulnerable to SQL Injection via the id parameter in all versions up to and including 1.0.2 due to insufficient escaping and improper query preparation. This allows authenticated attackers with Administrator-l...

4.9CVSS6.2AI score0.0027EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/10/29 6:14 a.m.8 views

WordPress Easy Testimonial Slider and Form plugin <= 1.0.2 - Authenticated (Admin+) SQL injection vulnerability

Authenticated Admin+ SQL injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Easy Testimonial Slider and Form versions = 1.0.2...

4.9CVSS7.9AI score0.0027EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/10/24 12:0 a.m.3 views

WordPress CF7 Auto Responder Addon plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress CF7 Auto Responder Addon plugin, which stems from the application's lack of effective filtering and escaping of...

7.1CVSS6AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-11070

Malware in sbrugna...

5.4CVSS5.5AI score0.00794EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-9607

Malware in sbrugna...

6.1CVSS6.2AI score0.01464EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-9135

Malware in sbrugna...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-11702

Malware in sbrugna...

4.3CVSS4.6AI score0.0037EPSS
Exploits2References2
Rows per page
Query Builder