CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/02/03 3:9 p.m.•2 views

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability

Missing Authorization via getformfields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...

4.3CVSS5.3AI score0.00359EPSS

Exploits0References1Affected Software1

CVE•added 2026/02/03 2:8 p.m.•8 views

CVE-2026-24985

The CVE-2026-24985 entry describes a Missing Authorization/Broken Access Control vulnerability in the approveme WP Forms Signature Contract Add-On for WordPress, affecting versions up to and including 1.8.2. The issue stems from incorrectly configured access control security levels, enabling unau...

4.3CVSS5.3AI score0.00185EPSS

ATTACKERKB•added 2026/02/03 2:8 p.m.•3 views

CVE-2026-24985

5.3AI score0.00185EPSS

EUVD•added 2026/02/03 2:8 p.m.•1 views

EUVD-2026-5243

4.3CVSS5.3AI score0.00185EPSS

Patchstack•added 2026/02/03 12:36 p.m.•5 views

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via restorerecords vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

5.3CVSS5.3AI score0.00598EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/02/03 11:3 a.m.•6 views

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via setstarred vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

5.3CVSS5.3AI score0.00598EPSS

Exploits0References1Affected Software1

OSSF Malicious Packages•added 2026/02/03 7:51 a.m.•7 views

Malicious code in tailwindcss-forms-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c160bdf4857d48ea8df8ddf468e5a63432a60ced853eff31cbc5093966a044f The package tailwindcss-forms-kit was found to contain malicious code. Source: ghsa-malware...

5.4AI score

Snyk•added 2026/02/03 7:51 a.m.•2 views

Malicious Package

Overview tailwindcss-forms-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score

OSV•added 2026/02/03 7:51 a.m.•3 views

MAL-2026-693 Malicious code in tailwindcss-forms-kit (npm)

5.5AI score

CVE•added 2026/02/03 6:38 a.m.•7 views

CVE-2026-1065

The CVE concerns the WordPress Form Maker by 10Web plugin (versions through 1.15.35). The vulnerability is a Stored Cross-Site Scripting flaw caused by an allowlist that permits SVG uploads combined with weak substring-based extension validation, enabling unauthenticated attackers to upload malic...

7.2CVSS5.5AI score0.00338EPSS

Exploits0References5

Positive Technologies•added 2026/02/03 12:0 a.m.•3 views

PT-2026-6233

Name of the Vulnerable Software and Affected Versions approveme WP Forms Signature Contract Add-On versions through 1.8.2 Description The WP Forms Signature Contract Add-On contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access...

4.3CVSS5.4AI score0.00185EPSS

RedhatCVE•added 2026/02/01 3:14 a.m.•8 views

CVE-2025-15510

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

OSV•added 2026/01/31 8:43 a.m.•2 views

BIT-GOLANG-2025-61726 Memory exhaustion in query parameter parsing in net/url

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.3AI score0.00789EPSS

Exploits0References5

CVE•added 2026/01/31 1:23 a.m.•17 views

CVE-2025-15510

CVE-2025-15510 affects NEX-Forms – Ultimate Forms Plugin for WordPress. The underlying issue is a missing capability check in the NF5_Export_Forms class constructor, allowing unauthenticated users to export form configurations by enumerating nex_forms_Id in all versions up to and including 9.1.8....

Cvelist•added 2026/01/31 1:23 a.m.•28 views

CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure

5.3CVSS0.00285EPSS

ATTACKERKB•added 2026/01/31 1:23 a.m.•4 views

CVE-2025-15510

EUVD•added 2026/01/31 1:23 a.m.•5 views

Exploits0References3

EUVD-2025-206597

Positive Technologies•added 2026/01/31 12:0 a.m.•5 views

PT-2026-5500

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5 Export Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form...