39 matches found
CVE-2026-2568
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
EUVD-2026-9284
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-12845
CVE-2025-12845 refers to the WordPress plugin Tablesome Table – Contact Form DB (WPForms, CF7, Gravity, Forminator, Fluent) with versions 0.5.4–1.2.1. According to Wordfence, it allows unauthorised access to plugin data and can lead to privilege escalation due to a missing capability check in get...
CVE-2025-67468
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...
CVE-2025-67468 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...
PT-2025-49884
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...
EUVD-2011-4216
Malware in sbrugna...
CVE-2025-7384
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2025-7384
CVE-2025-7384 affects the WordPress plugins Database for Contact Form 7, WPforms, and Elementor forms (up to version 1.4.3). The root cause is PHP Object Injection via deserialization of untrusted input in the get_lead_detail function, enabling unauthenticated attackers to inject PHP objects. The...
WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.0.9...
CVE-2024-6590 Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to...
WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Plugin <= 3.8.0 is vulnerable to Broken Access Control
Software Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6590 Patch priority Medium CVSS severi...
WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.5...
PT-2024-26213 · Unknown +2 · Integration For Pipedrive/Contact Form 7 +3
Name of the Vulnerable Software and Affected Versions: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions 1.2.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to perform...
CVE-2023-37982
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3...
PT-2023-26230 · Salesforce · Salesforce
Name of the Vulnerable Software and Affected Versions: CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms versions n/a through 1.3.3 Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This...
WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Plugin <= 3.7.8 is vulnerable to Cross Site Scripting (XSS)
Software Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Type Plugin Vulnerable versions = 3.7.8 Fixed in 3.7.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Mediu...
PT-2022-24629 · Movable Type · A-Form
Name of the Vulnerable Software and Affected Versions: Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series Movable Type plugin A-Form versions prior to 3.9.1 for Movable Type 6 Series Description: A cross-site scripting issue allows a remote unauthenticated attacker to...
WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins plugin <= 3.6.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. plugin versions = 3.6.0. Solution Update the WordPress Spreadsheet Integration – Automate Google Sheets With WordPress,...