Lucene search
K

1056 matches found

CVE
CVE
added 2026/03/25 4:15 p.m.9 views

CVE-2026-32532

WordPress plugin: Contact Form & Lead Form Elementor Builder (versions ≤ 2.0.1) has a Cross Site Scripting (XSS) vulnerability. Discovered by daroo. The Patchstack entry confirms the affected plugin and the XSS issue; no fix version is stated in the provided documents.

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.3 views

CVE-2026-32525

Improper Control of Generation of Code 'Code Injection' vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through = 3.5.6.1...

5.8AI score0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.3 views

CVE-2026-32498 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

5.8AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-28012

Name of the Vulnerable Software and Affected Versions RegistrationMagic versions prior to 6.0.7.7 Description A missing authorization flaw exists in the RegistrationMagic custom-registration-form-builder-with-submission-manager. This issue allows exploitation of incorrectly configured access...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/24 8:31 a.m.11 views

WordPress ARForms plugin <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution vulnerability

Unauthenticated Blind Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin ARForms Form Builder versions = 1.7.2...

5.6CVSS5.8AI score0.00268EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.6 views

EUVD-2026-14178

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/03/21 4:17 a.m.6 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.7 views

CVE-2026-3546

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.4 views

CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:26 a.m.6 views

CVE-2026-3546

The CVE concerns the WordPress plugin e-shot form builder (≤ v1.0.2). The vulnerable component is eshot_form_builder_get_account_data(), registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks capability checks (no current_user_can) and does not verify a no...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.29 views

CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action

The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...

5.3CVSS0.00231EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.8 views

WordPress plugin e-shot form builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.7 views

PT-2026-26858

Name of the Vulnerable Software and Affected Versions e-shot form builder plugin for WordPress versions up to and including 1.0.2 Description The e-shot form builder plugin for WordPress is susceptible to exposure of sensitive information. The eshot form builder get account data function,...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References9
Snyk
Snyk
added 2026/03/19 11:0 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.6 views

CVE-2026-32385

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

5.4CVSS0.00218EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.2 views

CVE-2026-32385

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

5.8AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.5 views

PT-2026-25232

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

5.8AI score0.00218EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/12 12:58 a.m.5 views

WordPress Gutena Forms plugin < 1.6.1 - Contributor+ Arbitrary Limited Options Update vulnerability

Contributor+ Arbitrary Limited Options Update vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder versions 1.6.1...

6.8CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:24 a.m.8 views

CVE-2026-1454

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/11 8:24 a.m.29 views

CVE-2026-1454 Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

7.2CVSS0.00241EPSS
Exploits0References4
Rows per page
Query Builder