58 matches found
CVE-2025-10732
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...
EUVD-2018-13500
Malware in sbrugna...
EUVD-2016-10638
Malware in sbrugna...
EUVD-2020-0925
Malware in sbrugna...
EUVD-2021-34632
Malicious code in bioql PyPI...
CVE-2025-52733
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anonform Ab ANON::form embedded secure form anonform-embedded-secure-form allows DOM-Based XSS. This issue affects ANON::form embedded secure form: from n/a through <= 1.7...
CVE-2024-45876
The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...
CVE-2010-1453
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the formurl parameter...
CVE-2019-19325
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms buil...
CVE-2018-20963
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS...
CVE-2024-26052 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
Contact Form and Calls To Action by vcita < 2.7.1 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the email and uid parameters in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts into the settings, targeting higher-privileged users such as administrators. PoC...
Form With Password Detected
This is an informational notice that the scanner identified a potential form with a password. No source data...
Design/Logic Flaw
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in t...
U.S. Dept Of Defense: RXSS on ███████
I found Reflected XSS on https://███/contact-us/.YsSAGCNBzaQ. The parameters in the contact form are not properly filtered, leading to possible insertion of " characters and javascript execution. Impact: Perform any action within the application that the user can perform. View any information that...
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Fetch Tweets <= 2.6.4 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting issues...
Easy Social Icons < 3.1.3 - Reflected Cross-Site Scripting
The plugin does not escape user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues. Affected parameters: width, height, margin, attrid, attrclass...
Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing an attacker to make a logged-in high-privilege user save arbitrary settings via a CSRF...
Zabbix 5.x SQL Injection / Cross Site Scripting Vulnerabilities
Exploit Title: Zabbix all version / Multiple Vulnerabilities; Exploit Author: TaurusOmar; Twitter: @TaurusOmar; HomePage: taurusomar.com; CVSS: 3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L; Version: Zabbix 1.x, 2.x, 3.x, 4.x, 5.x; Risk: High 9.0; Vendor Homepage: https://www.zabbix.com/; Tested on: Arch Linux...