10 matches found
CVE-2026-8692
The CVE covers the Vedrixa Forms – WordPress plugin (versions up to 1.1.1). The issue is an authorization bypass in the AJAX handler (wefb_save_form_structure), allowing authenticated users with subscriber-level access and above to arbitrarily modify form structure by writing attacker-controlled ...
CVE-2026-8692 Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action
The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
CVE-2026-8692 Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action
The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
PT-2026-42739
The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
WordPress Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Form Structure Modification vulnerability discovered by Thanh Toan Bui in WordPress Plugin Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder versions <= 1.1.1...
Missing Authorization
Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Missing Authorization in the export process. An attacker can gain access to the structure of forms they are no...
CVE-2017-2967
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution...
Memory corruption
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution...
“Happy one hundred phases in the Park” photo album GETSHELL vulnerabilities - vulnerability warning - the black bar safety net
The vulnerability appears in the index.php: if ($do == 'upload') { if ($_POST['formsub']) { $file = $_FILES['upload']; if (!$file['error']) { if (strpos($file['type'], 'image') === 0) { $hash = $_POST['i'].'.jpg'; //if IIS, then here can be self-configured IIS malformed file extension to get a webshell...
Ce-Admin news publishing system vulnerability analysis-vulnerability warning-the black bar safety net
The news publishing system is currently used mainly for picture news releases. Because it generates HTML, browsing is very fast, which has resulted in many modified versions; at least 4 modified versions have been found so far, used by the majority of the user group. Although modified, there are still...