9 matches found

GithubExploit
added 2026/01/22 6:57 p.m. | 148 views

Exploit for CVE-2024-51791

CVE-2024-51791 / 0-Click RCE Exploit - Author: Joshua Provost...

10 CVSS | 6.1 AI score | 0.00614 EPSS
Exploits: 1
NVD
added 2025/12/21 8:15 a.m. | 7 views

CVE-2025-14855

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2 CVSS | 0.00312 EPSS
Exploits: 2 | References: 3
RedhatCVE
added 2025/05/23 1:19 a.m. | 8 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8 CVSS | 7 AI score | 0.1027 EPSS
Exploits: 5 | References: 1
RedhatCVE
added 2025/05/22 7:23 p.m. | 10 views

CVE-2021-24705

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...

4.8 CVSS | 6.3 AI score | 0.00305 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 5:37 p.m. | 7 views

CVE-2020-36670

The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including, 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...

6.3 CVSS | 6.5 AI score | 0.00554 EPSS
Exploits: 0 | References: 1
CVE
added 2025/03/12 5:22 a.m. | 44 views

CVE-2024-13498

CVE-2024-13498 involves the WordPress plugin NEX-Forms – Ultimate Form Builder, where unauthenticated attackers can exfiltrate sensitive data via file uploads in all versions up to 8.8.1 due to insufficient directory listing protection and non-randomized file names. The issue is confirmed in conn...

5.3 CVSS | 5.2 AI score | 0.00357 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 1:41 a.m. | 5 views

CVE-2024-11052

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2 CVSS | 6.1 AI score | 0.00306 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/01/02 12:0 p.m. | 15 views

CVE-2023-46610 WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability

Missing Authorization vulnerability in Mohamed Magdy Quill Forms quillforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quill Forms: from n/a through = 3.3.0...

6.5 CVSS | 0.00358 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2023/05/08 1:58 p.m. | 13 views

CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

7.3 AI score | 0.43042 EPSS
Exploits: 3 | References: 2