Lucene search
K

1066 matches found

Vulnrichment
Vulnrichment
added 2026/02/14 3:25 a.m.3 views

CVE-2025-14067 Easy Form Builder <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure

The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve...

5.3CVSS5.5AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/14 3:25 a.m.31 views

CVE-2025-14067 Easy Form Builder <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure

The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve...

5.3CVSS0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.8 views

CVE-2026-26188

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

5.4CVSS5.7AI score0.00253EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.6 views

PT-2026-8046

The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve...

5.3CVSS5.5AI score0.00231EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.8 views

WordPress plugin Easy Form Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/13 9:56 p.m.8 views

WordPress Easy Form Builder plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Response Data Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Easy Form Builder versions = 3.9.3...

5.3CVSS5.5AI score0.00231EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.7 views

CVE-2026-0996

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS5.6AI score0.00277EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/10 8:11 a.m.8 views

WordPress Fluent Forms plugin <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via AI Form Builder Module vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin FluentForm versions = 6.1.14...

6.4CVSS5.4AI score0.00277EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/10 6:15 a.m.12 views

CVE-2026-0996

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS0.00277EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:29 a.m.6 views

CVE-2026-0996

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS5.6AI score0.00277EPSS
Exploits0References7
CVE
CVE
added 2026/02/10 5:29 a.m.23 views

CVE-2026-0996

CVE-2026-0996 affects the WordPress plugin Fluent Forms (AI Form Builder module) up to version 6.1.14. The issue is a Stored Cross-Site Scripting vulnerability caused by missing authorization checks, a leaked nonce, and insufficient input sanitization, allowing Subscriber-level users to trigger A...

6.4CVSS5.9AI score0.00277EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/10 5:29 a.m.7 views

CVE-2026-0996 Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS5.9AI score0.00277EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/10 5:29 a.m.28 views

CVE-2026-0996 Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS0.00277EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.14 views

PT-2026-7232

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

6.4CVSS5.9AI score0.00277EPSS
Exploits0References7
NVD
NVD
added 2026/01/28 7:16 p.m.7 views

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

6.1CVSS0.00204EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:56 p.m.3 views

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/28 6:56 p.m.6 views

CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References6
CVE
CVE
added 2026/01/28 6:56 p.m.16 views

CVE-2026-0749

Technical details, affected versions, and mitigation are not publicly provided in the supplied documents. Monitor for updates from official advisories and CVE entries.

6.1CVSS5.9AI score0.00204EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/28 6:56 p.m.34 views

CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS0.00204EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/28 6:56 p.m.2 views

CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

4.8CVSS5.9AI score0.00204EPSS
Exploits1References2
Rows per page
Query Builder