8163 matches found
CVE-2024-2108
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes ...
CVE-2024-2030
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2772
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-2771
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...
PT-2026-1605
Name of the Vulnerable Software and Affected Versions: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions through 6.1.7. Description: The Fluent Forms plugin for WordPress is affected by a missing authorization issue. Capability check...
WordPress plugin Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder Security Vulnerability
...
WordPress Fluent Forms plugin <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Form Creation via AI Builder vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin FluentForm versions <= 6.1.7...
CVE-2025-13409
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
CVE-2025-14072 Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
CVE-2025-14072
CVE-2025-14072 concerns the Ninja Forms WordPress plugin prior to 3.13.3, where an unauthenticated REST API flow can generate valid access tokens that read form submissions. The issue is confirmed in multiple sources (Red Hat RH: Ninja Forms <3.13.3; NVD/NVD listings; CVE records) and is descr...
EUVD-2026-0708
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
WordPress plugin Ninja Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1053
Name of the Vulnerable Software and Affected Versions: Ninja Forms WordPress plugin versions prior to 3.13.3. Description: An unauthenticated attacker can generate valid access tokens through the REST API. These tokens can then be used to read form submissions. The affected API endpoint allows acces...
CVE-2025-62099
Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Signature Add-On for Gravity Forms: from n/a through <= 1.8.6...
CVE-2025-62099 WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Signature Add-On for Gravity Forms: from n/a through <= 1.8.6...