Lucene search

8 matches found

RedhatCVE
added 2026/01/09 9:16 a.m. · 1 views

CVE-2025-13657

The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 4.3 · AI score 5.2 · EPSS 0.00026
Exploits: 0 · References: 1

Patchstack
added 2024/10/28 7:57 a.m. · 4 views

WordPress Forminator plugin <= 1.35.1 - Missing Authorization to Authenticated Form Update and Creation vulnerability

Missing Authorization to Authenticated Form Update and Creation vulnerability discovered by wesley wcraft in WordPress Plugin Forminator versions <= 1.35.1...

CVSS 8.8 · AI score 7 · EPSS 0.00379
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2023/11/29 12:0 a.m. · 17 views

Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF

Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

CVSS 8.8 · AI score 6.9 · EPSS 0.00053
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2019/07/23 12:0 a.m. · 1 views

PT-2019-9618 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo content head parameter, also known as the "board head contents" parameter, in the adm/board form update.php endpoint...

CVSS 6.1 · AI score 6.6 · EPSS 0.00363
Exploits: 0 · References: 8

Positive Technologies
added 2019/07/23 12:0 a.m. · 1 views

PT-2019-9617 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile content head parameter, also known as the "mobile board head contents" parameter, in the adm/board form update.p...

CVSS 6.1 · AI score 6.5 · EPSS 0.00363
Exploits: 0 · References: 8

OSV
added 2018/01/25 3:29 a.m. · 1 views

DEBIAN-CVE-2018-6197

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c...

CVSS 7.5 · AI score 7.5 · EPSS 0.0044
Exploits: 1 · References: 1

Positive Technologies
added 2016/12/11 12:0 a.m. · 2 views

PT-2016-7747 · W3M +2 · W3M +2

Name of the Vulnerable Software and Affected Versions: w3m versions prior to 0.5.3-31 Description: An issue in the w3m fork allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted HTML page. This is due to a buffer overflow in the formUpdateBuffer...

CVSS 8.8 · AI score 7.5 · EPSS 0.01594
Exploits: 5 · References: 100

NVD
added 2015/09/16 2:59 p.m. · 8 views

CVE-2015-6965

Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a...

CVSS 6.8 · AI score 6.7 · EPSS 0.0046
Exploits: 1 · References: 3