CVE-2025-32667 WordPress Doppler Forms plugin <= 2.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through = 2.5.1...

WordPress plugin Doppler Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress Piotnet Forms plugin <= 1.0.30 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ngô Thái An in WordPress Plugin Piotnet Forms versions = 1.0.30...

CVE-2025-31793 WordPress Piotnet Forms plugin <= 1.0.30 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in piotnetdotcom Piotnet Forms allows Stored XSS. This issue affects Piotnet Forms: from n/a through 1.0.30...

CVE-2025-31793

CVE-2025-31793 relates to Piotnet Forms for WordPress. The connected documentation confirms an Authenticated Stored Cross-Site Scripting vulnerability in Piotnet Forms, with the affected range described as “from n/a through 1.0.30” and references to the Piotnet Forms entry showing an Unpatched st...

WordPress WP Subscription Forms plugin <= 1.2.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Subscription Forms versions = 1.2.3...

WordPress plugin Live Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVE-2024-13498

CVE-2024-13498 involves the WordPress plugin NEX-Forms – Ultimate Form Builder, where unauthenticated attackers can exfiltrate sensitive data via file uploads in all versions up to 8.8.1 due to insufficient directory listing protection and non-randomized file names. The issue is confirmed in conn...

CVE-2024-13498 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

CVE-2025-0469

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

WordPress plugin Everest Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress plugin Registration Forms 日志信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A log information disclosure...

CVE-2024-12522

CVE-2024-12522 (Yay! Forms for WordPress) Stored XSS via the plugin’s yayforms shortcode (affected versions up to and including 1.2.1). Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts that run on pages viewed by users. The Wordfence entry lis...

CVE-2024-12522 Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yayforms' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied...

WordPress plugin Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Yay! Forms plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Yay! Forms versions = 1.2.1...

CVE-2024-13603

The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions...

CVE-2024-13603

CVE-2024-13603 affects the Wise Forms WordPress plugin (versions