Web-Application-Vulnerability-Scanner

Web-Application-Vulnerability-Scanner Web Application Vulnerab...

CVE-2025-14782

CVE-2025-14782 details from Wordfence confirm a direct authorization bypass in the Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress. The issue affects all versions up to and including 1.49.1 and arises from missing authorization checks in the listen_for_csv...

CVE-2025-14782 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listenforcsvexport' function. This is due to the plugin not properly verifying that a user is authorized to...

CVE-2025-14782 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listenforcsvexport' function. This is due to the plugin not properly verifying that a user is authorized to...

CVE-2025-14803

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

CVE-2025-14803 Nex-Forms Express WP Form Builder < 9.1.8 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

CVE-2025-14803

CVE-2025-14803 concerns the Nex-Forms WordPress plugin, affected up to version 9.1.8. The issue arises from inadequate sanitization/escaping of certain settings, enabling stored XSS when configured in a specific way. Public Red Hat and CIRCL entries corroborate the same description. Red Hat notes...

CVE-2025-14803 Nex-Forms Express WP Form Builder < 9.1.8 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

PT-2026-1754

Name of the Vulnerable Software and Affected Versions Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to and including 1.49.1 Description The Forminator Forms plugin is susceptible to authorization bypass. This occurs because the plugin does no...

PT-2026-1755

Name of the Vulnerable Software and Affected Versions NEX-Forms WordPress plugin versions prior to 9.1.8 Description The NEX-Forms WordPress plugin does not properly sanitise and escape certain settings. This configuration can allow subscribers to execute Stored Cross-Site Scripting attacks...

WordPress plugin NEX-Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2026-0674

Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor for WordPress: from n/a through 2.9.1...

CVE-2026-0674

CVE-2026-0674 refers to a Missing Authorization vulnerability in Campaign Monitor for WordPress (plugin: forms-for-campaign-monitor). The Wordfence document confirms the affected component and describes exploitation as arising from an incorrectly configured access control, with CVSS 3.1 base scor...

PT-2026-1968

Name of the Vulnerable Software and Affected Versions Campaign Monitor for WordPress versions through 2.9.0 Description A missing authorization issue exists in Campaign Monitor for WordPress forms-for-campaign-monitor, allowing exploitation of incorrectly configured access control security levels...

CVE-2025-13722

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

CVE-2025-13722

CVE-2025-13722 affects Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder for WordPress. Wordfence reports Missing Authorization in the fluentform_ai_create_form AJAX action, allowing authenticated attackers with Subscriber+ privileges to create arbitrary forms...

CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

CVE-2025-13409

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...