8170 matches found
CVE-2025-9322
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...
EUVD-2025-35924
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...
CVE-2025-11889
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-9322
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...
CVE-2025-9322 Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...
CVE-2025-9322 Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection
The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...
CVE-2025-9322
CVE-2025-9322 : WordPress plugin Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions (up to and including 8.3.1) is vulnerable to unauthenticated SQL Injection via the wpfs-form-name parameter. The issue arises from insufficient escaping of the user-suppli...
PT-2025-43728
Name of the Vulnerable Software and Affected Versions Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress versions up to and including 8.3.1 Description The Stripe Payment Forms plugin for WordPress is susceptible to SQL Injection due ...
WordPress plugin AIO Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
CVE-2025-11889 AIO Forms <= 1.3.15 - Authenticated (Admin+) Arbitrary File Upload via Zip Import
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.15. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-11889 AIO Forms <= 1.3.18 - Authenticated (Admin+) Arbitrary File Upload via Zip Import
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Administrator-level access...
CVE-2025-11889
CVE-2025-11889 : WordPress plugin AIO Forms – Craft Complex Forms Easily is vulnerable to authenticated arbitrary file upload via the Zip Import feature due to missing file type validation in versions up to and including 1.3.15 . The flaw allows users with Administrator-level access and above to ...
PT-2025-43595
Name of the Vulnerable Software and Affected Versions AIO Forms – Craft Complex Forms Easily plugin for WordPress versions through 1.3.15 Description The AIO Forms – Craft Complex Forms Easily plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation...
WordPress AIO Forms plugin <= 1.3.18 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin AIO Forms versions = 1.3.18...
CVE-2025-58966
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS.This issue affects NEX-Forms LITE: from n/a through 8.2...
CVE-2025-60209
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.6...
CVE-2025-60210
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through = 1.0.5...
CVE-2025-60151
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.5...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...
EUVD-2025-35417
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.6...