8163 matches found
WordPress Crowdsignal Forms plugin <= 1.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Crowdsignal Forms versions <= 1.7.2...
CVE-2025-67015
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1...
CVE-2025-67015
CVE-2025-67015 affects the Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1. Root cause is improper access control that lets an unauthenticated attacker modify the Administrator password and escalate privileges by sending a crafted POST to /Forms/admin_access_1. Im...
WordPress GravityForms plugin < 2.9.23.1 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Marc Montpas in WordPress Plugin Gravity Forms versions < 2.9.23.1...
CVE-2025-13407
The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...
CVE-2021-47722
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...
EUVD-2025-205267
Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Builder: Exit-Intent...
CVE-2025-68568 WordPress Claspo – Popups, Spin the Wheel & Email Capture plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Claspo Popup Builders Claspo – Popups, Spin the Wheel & Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Claspo – Popups, Spin the Wheel & Email Capture: from n/a through <= 1.0.7...
CVE-2025-68568
CVE-2025-68568 corresponds to a Missing Authorization issue in the WordPress plugin Claspo – Popups, Spin the Wheel & Email Capture. The vulnerability affects versions up to and including 1.0.7 (no lower bound is specified) and is described as an unauthenticated access control weakness (i.e., missing auth...
CVE-2025-13407
The CVE concerns the Gravity Forms WordPress plugin (versions prior to 2.9.23.1). A flaw in the chunked upload feature allows uploading of dangerous files (e.g., PHP) to the upload path, enabling Remote Code Execution if the path is discovered or enumerated. Several connected sources corroborate ...
CVE-2025-13407 GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload
The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...
Exploit for Cross-site Scripting in Strategy11 Formidable_Form_Builder
CVE-2017-20192 — Formidable Forms WordPress — Vulnerable Doc...
PT-2025-52870
Name of the Vulnerable Software and Affected Versions: Gravity Forms WordPress plugin versions prior to 2.9.23.1. Description: The Gravity Forms WordPress plugin does not properly prevent users from uploading dangerous files through its chunked upload functionality. This allows attackers to upload P...
WordPress plugin Gravity Forms security vulnerability
WordPress Gravity Forms plugin is a popular WordPress plugin for creating and managing various types of forms. A file upload vulnerability exists in the WordPress Gravity Forms plugin, which stems from the chunked upload feature failing to prevent dangerous file uploads, no details of the...
CVE-2021-47722 Zucchetti Axess CLOKI Access Control 1.64 Cross-Site Request Forgery
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking...
PT-2025-52831
Name of the Vulnerable Software and Affected Versions: Zucchetti Axess CLOKI Access Control version 1.64. Description: The software contains a cross-site request forgery condition. This allows attackers to manipulate access control settings without user interaction. Attackers can create malicious we...