Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

175 matches found

Nuclei
Nucleiadded 12 hours ago12 views

Formidable Forms < 2.05.02 - Cross-Site Scripting

Formidable Form Builder for WordPress versions before 2.05.03 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in form parameters like 'afterhtml', letting unauthenticated attackers inject and execute arbitrary scripts in victims' browsers id:...

8.3CVSS5.5AI score0.24408EPSS
Exploits2References3
RedhatCVE
RedhatCVEadded 2026/03/26 3:8 p.m.1 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.00026EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:0 p.m.2 views

CVE-2026-2890

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

7.5CVSS5.8AI score0.00092EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/25 6:31 p.m.4 views

EUVD-2026-15893

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable...

5.8AI score0.00047EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/25 4:15 p.m.23 views

CVE-2026-32527 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable...

6.5CVSS0.00047EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/25 12:0 a.m.2 views

PT-2026-28041

Name of the Vulnerable Software and Affected Versions CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions through 1.1.5 Description An authorization issue exists in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja...

6.5CVSS5.8AI score0.00047EPSS
Exploits0References6
EUVD
EUVDadded 2026/03/13 9:31 p.m.2 views

EUVD-2026-11756

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

7.5CVSS5.8AI score0.00092EPSS
Exploits0References5
EUVD
EUVDadded 2026/03/13 9:31 p.m.1 views

EUVD-2026-11766

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.00026EPSS
Exploits0References6
NVD
NVDadded 2026/03/13 7:54 p.m.1 views

CVE-2026-2890

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

7.5CVSS0.00092EPSS
Exploits0References4
CVE
CVEadded 2026/03/13 8:25 a.m.6 views

CVE-2026-2888

CVE-2026-2888 affects Formidable Forms for WordPress in versions up to and including 6.28. The issue is an authorization bypass in the frm_strp_amount AJAX handler, where attacker-controlled JSON input overwrites global POST data and is used to recalculate PaymentIntent amounts via field shortcod...

5.3CVSS5.8AI score0.00026EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/13 8:25 a.m.21 views

CVE-2026-2888 Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS0.00026EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/13 8:25 a.m.1 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.00026EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/03/13 8:25 a.m.1 views

CVE-2026-2888 Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.00026EPSS
Exploits0References5
Patchstack
Patchstackadded 2026/03/13 7:51 a.m.2 views

WordPress Formidable Forms plugin <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability

Unauthenticated Payment Amount Manipulation via 'itemmeta' Parameter vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Formidable Forms versions = 6.28...

5.3CVSS5.8AI score0.00026EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/03/13 7:51 a.m.1 views

WordPress Formidable Forms plugin <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability

Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability discovered by Andres Cruciani in WordPress Plugin Formidable Forms versions = 6.28...

7.5CVSS5.8AI score0.00092EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/13 7:23 a.m.2 views

CVE-2026-2890

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

7.5CVSS5.8AI score0.00092EPSS
Exploits0References5
CVE
CVEadded 2026/03/13 7:23 a.m.6 views

CVE-2026-2890

CVE-2026-2890 affects Formidable Forms for WordPress (all versions

7.5CVSS5.8AI score0.00092EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/13 7:23 a.m.2 views

CVE-2026-2890 Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

7.5CVSS5.8AI score0.00092EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/03/13 7:23 a.m.24 views

CVE-2026-2890 Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

7.5CVSS0.00092EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/13 12:0 a.m.2 views

PT-2026-25153

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handle one time stripe link return url marking payment records as complete based solely on the Stripe PaymentIntent statu...

7.5CVSS5.8AI score0.00092EPSS
Exploits0References8
Rows per page
Query Builder