Lucene search
K

39 matches found

NVD
NVD
added 2026/03/03 10:16 a.m.9 views

CVE-2026-2568

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/03 9:24 a.m.5 views

EUVD-2026-9284

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 3:25 a.m.22 views

CVE-2025-12845

CVE-2025-12845 refers to the WordPress plugin Tablesome Table – Contact Form DB (WPForms, CF7, Gravity, Forminator, Fluent) with versions 0.5.4–1.2.1. According to Wordfence, it allows unauthorised access to plugin data and can lead to privilege escalation due to a missing capability check in get...

8.8CVSS5.5AI score0.00356EPSS
In wildExploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.6 views

CVE-2025-67468

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

4.3CVSS0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:13 p.m.23 views

CVE-2025-67468 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

4.3CVSS0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49884

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

4.3CVSS7AI score0.00204EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-4216

Malware in sbrugna...

4.3CVSS6.4AI score0.01042EPSS
Exploits0References4
NVD
NVD
added 2025/08/13 5:15 a.m.8 views

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS0.01589EPSS
Exploits0References3
CVE
CVE
added 2025/08/13 4:22 a.m.91 views

CVE-2025-7384

CVE-2025-7384 affects the WordPress plugins Database for Contact Form 7, WPforms, and Elementor forms (up to version 1.4.3). The root cause is PHP Object Injection via deserialization of untrusted input in the get_lead_detail function, enabling unauthenticated attackers to inject PHP objects. The...

9.8CVSS8.7AI score0.01589EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/03/27 11:8 a.m.8 views

WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.0.9...

4.3CVSS7AI score0.00197EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/25 2:5 a.m.11 views

CVE-2024-6590 Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to...

6.3CVSS5.9AI score0.0032EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/09/24 12:0 a.m.11 views

WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Plugin <= 3.8.0 is vulnerable to Broken Access Control

Software Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6590 Patch priority Medium CVSS severi...

6.3CVSS9.3AI score0.0032EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/05/27 2:34 p.m.4 views

WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.5...

4.3CVSS7AI score0.00172EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.3 views

PT-2024-26213 · Unknown +2 · Integration For Pipedrive/Contact Form 7 +3

Name of the Vulnerable Software and Affected Versions: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions 1.2.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to perform...

4.3CVSS6.9AI score0.00247EPSS
Exploits0References2
OSV
OSV
added 2023/12/19 9:15 p.m.3 views

CVE-2023-37982

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...

6.1CVSS7.3AI score0.00414EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.4 views

PT-2023-26230 · Salesforce · Salesforce

Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms versions n/a through 1.3.3 Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This...

6.1CVSS6.6AI score0.00414EPSS
Exploits0References6
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.11 views

WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Plugin <= 3.7.8 is vulnerable to Cross Site Scripting (XSS)

Software Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Type Plugin Vulnerable versions = 3.7.8 Fixed in 3.7.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Mediu...

6.3AI score0.00284EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/12 12:0 a.m.5 views

PT-2022-24629 · Movable Type · A-Form

Name of the Vulnerable Software and Affected Versions: Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series Movable Type plugin A-Form versions prior to 3.9.1 for Movable Type 6 Series Description: A cross-site scripting issue allows a remote unauthenticated attacker to...

6.1CVSS6.2AI score0.00749EPSS
Exploits0References6
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins plugin <= 3.6.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. plugin versions = 3.6.0. Solution Update the WordPress Spreadsheet Integration – Automate Google Sheets With WordPress,...

2.4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder