8 matches found
CVE-2026-2002
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2002
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2002
CVE-2026-2002 has a concrete linked vulnerability in the Patchstack entry: WordPress Forminator Forms plugin <= 1.50.2 contains an Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability. Affected component: Forminator plugin’s forms/ builders (Contact Form, Payment Form & Cus...
CVE-2025-13967
The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13967
CVE-2025-13967 (Woodpecker for WordPress) details (from connected doc): The Woodpecker for WordPress plugin is affected by a stored XSS in the woodpecker-connector shortcode’s form_name parameter. This vulnerability exists in all versions up to and including 3.0.4. Exploitation requires authentic...
CVE-2025-13967 Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute
The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13967 Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute
The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2020-8436
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rmformid, rmtr, or formname parameter...