CVE-2025-6782 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVE-2025-47654 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.20...

WordPress CubeWP Forms plugin authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress CubeWP Forms plugin that stems from a lack of authorization and can be exploited by an attacker to configure incorre...

CVE-2025-30954

CVE-2025-30954 : Open Redirect in WP Gravity Forms Constant Contact Plugin (CRM Perks) for WordPress. Affects plugin versions 1.0.0 through 1.1.0 (n/a–1.1.0). According to the CVE entry, the vulnerability is an Open Redirect that can be abused for phishing by redirecting victims to untrusted site...

CVE-2025-48328 WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through = 1.7.0...

CVE-2024-9352

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'createmodule' function. This makes it...

CVE-2024-7692

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-1400

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to...

CVE-2024-1645

The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export...

CVE-2024-1218

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible fo...

CVE-2024-0660

The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the updatesettings function. This...

CVE-2024-2368

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...

CVE-2024-1130

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVE-2024-10862

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

CVE-2024-9528

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-6520

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

CVE-2024-6521

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dropdown fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-6518

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via input fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

CVE-2024-11188

The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input...

CVE-2024-1905

The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...