
8170 matches found

Cvelist
added 2025/11/18 8:27 a.m., 8 views

CVE-2025-12528 Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

CVSS 8.1 | EPSS 0.00574
Exploits: 0 | References: 4
CVE
added 2025/11/18 8:27 a.m., 13 views

CVE-2025-12528

CVE-2025-12528 concerns the Pie Forms for WP WordPress plugin (versions <= 1.6). The issue is an Arbitrary File Upload due to insufficient file-type validation: validate_classic checks extensions but does not stop the upload, enabling unauthenticated attackers to upload dangerous extensions (e...

CVSS 8.1 | AI score 7.1 | EPSS 0.00574
Exploits: 0 | References: 4
EUVD
added 2025/11/18 8:27 a.m., 3 views

EUVD-2025-197948

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

CVSS 8.1 | AI score 7 | EPSS 0.00574
Exploits: 0 | References: 5
EUVD
added 2025/11/18 6:30 a.m., 5 views

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | AI score 7.2 | EPSS 0.00585
Exploits: 0 | References: 5
OSV
added 2025/11/18 4:15 a.m., 2 views

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | AI score 6.5 | EPSS 0.00585
Exploits: 0 | References: 4
NVD
added 2025/11/18 4:15 a.m., 2 views

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | EPSS 0.00585
Exploits: 0 | References: 4
Cvelist
added 2025/11/18 3:27 a.m., 7 views

CVE-2025-12974 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | EPSS 0.00585
Exploits: 0 | References: 4
CVE
added 2025/11/18 3:27 a.m., 25 views

CVE-2025-12974

The CVE concerns Gravity Forms for WordPress. Affected versions: all up to and including 2.9.21.1. Root cause: missing file-type validation in the legacy chunked upload, where .phar files aren’t blocked by the extension blacklist. Exploit scenario: unauthenticated attackers that can discover/enum...

CVSS 8.1 | AI score 7.3 | EPSS 0.00585
In wild | Exploits: 0 | References: 4
Vulnrichment
added 2025/11/18 3:27 a.m., 2 views

CVE-2025-12974 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | AI score 7.3 | EPSS 0.00585
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47259

Name of the Vulnerable Software and Affected Versions: Pie Forms for WP plugin for WordPress versions prior to 1.7. Description: The Pie Forms for WP plugin for WordPress is susceptible to an Arbitrary File Upload issue through the format classic function. Insufficient file type validation within th...

CVSS 8.1 | AI score 7.7 | EPSS 0.00574
Exploits: 0 | References: 8
Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47239

Name of the Vulnerable Software and Affected Versions: Gravity Forms versions prior to 2.9.22. Description: The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the legacy chunked upload mechanism. The extension blacklist...

CVSS 8.1 | AI score 7.8 | EPSS 0.00585
Exploits: 0 | References: 16
CNNVD
added 2025/11/18 12:0 a.m., 4 views

WordPress plugin Gravity Forms code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 8.1 | AI score 6.9 | EPSS 0.00585
Exploits: 0 | References: 4
CNNVD
added 2025/11/18 12:0 a.m., 3 views

Open Forms input validation error vulnerability

Open Forms is a smart dynamic form from Open Formulieren open source. It is used to quickly create powerful and intelligent forms exposed via API. An input validation error vulnerability exists in Open Forms versions prior to 3.2.7 and prior to 3.3.3, which stems from a pre-filled data field that...

CVSS 4.3 | AI score 6.7 | EPSS 0.00229
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47415

Name of the Vulnerable Software and Affected Versions: Open Forms versions prior to 3.2.7; Open Forms versions prior to 3.3.3. Description: Open Forms enables users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms with prefill data fields dynamically set to readonly or...

CVSS 4.3 | AI score 6.6 | EPSS 0.00229
Exploits: 0 | References: 5
CNNVD
added 2025/11/18 12:0 a.m., 3 views

WordPress plugin Pie Forms for WP code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 8.1 | AI score 6.9 | EPSS 0.00574
Exploits: 0 | References: 4
CNVD
added 2025/11/18 12:0 a.m., 2 views

WordPress Popup addon for Ninja Forms plugin cross-site scripting vulnerability

WordPress Popup addon for Ninja Forms plugin is a WordPress form plugin that supports the creation of contact forms, signup forms and more. Its Popup/Modal plugin generates informational or promotional popups for email subscriptions, login signups, and other scenarios. A cross-site scripting...

CVSS 5.9 | AI score 6.1 | EPSS 0.00141
Exploits: 0 | References: 1
Patchstack
added 2025/11/17 10:41 p.m., 4 views

WordPress Pie Forms for WP plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Vanh - GCSC in WordPress Plugin Drag & Drop Builder versions <= 1.6...

CVSS 8.1 | AI score 7.1 | EPSS 0.00574
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/11/17 10:0 p.m., 3 views

WordPress Gravity Forms plugin <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload vulnerability

Unauthenticated Arbitrary File Upload via Legacy Chunked Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions <= 2.9.21.1...

CVSS 8.1 | AI score 7.1 | EPSS 0.00585
Exploits: 0 | References: 1 | Affected Software: 1
VulnCheck KEV
added 2025/11/17 12:0 a.m., 2 views

VulnCheck KEV: CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | AI score 6.5 | EPSS 0.00585
In wild | Exploits: 0 | References: 2
Packet Storm News
added 2025/11/17 12:0 a.m., 3 views

Wapiti Web Application Vulnerability Scanner 3.2.10 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

AI score 7.2
Exploits: 0