
8264 matches found

Cvelist
added 2025/10/11 7:25 a.m., 10 views

CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 4.9, EPSS 0.00291
Exploits: 0, References: 3

Positive Technologies
added 2025/10/11 12:0 a.m., 7 views

PT-2025-41677

Name of the Vulnerable Software and Affected Versions GSheetConnector For Gravity Forms plugin for WordPress versions prior to 1.3.28 Description The GSheetConnector For Gravity Forms plugin for WordPress is susceptible to an authorization bypass. This occurs because of a missing capability check...

CVSS 8.8, AI score 7.1, EPSS 0.00392
Exploits: 0, References: 11

CNNVD
added 2025/10/11 12:0 a.m., 4 views

WordPress plugin GSheetConnector For Gravity Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8, AI score 7.4, EPSS 0.00392
Exploits: 0, References: 3

CNNVD
added 2025/10/11 12:0 a.m., 5 views

WordPress plugin NEX-Forms – Ultimate Forms Plugin for WordPress SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL...

CVSS 4.9, AI score 7.6, EPSS 0.00291
Exploits: 0, References: 3

Positive Technologies
added 2025/10/11 12:0 a.m., 6 views

PT-2025-41642

Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.6 Description The software is susceptible to SQL Injection through the orderby parameter within the nf load form entries action. Insufficient input sanitization and inadequat...

CVSS 4.9, AI score 7.2, EPSS 0.00291
Exploits: 0, References: 7

CNNVD
added 2025/10/11 12:0 a.m., 5 views

WordPress plugin GSheetConnector For Gravity Forms cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 2.4, AI score 6.5, EPSS 0.00141
Exploits: 0, References: 4

Positive Technologies
added 2025/10/11 12:0 a.m., 8 views

PT-2025-41678

Name of the Vulnerable Software and Affected Versions GSheetConnector For Gravity Forms plugin for WordPress versions prior to 1.3.24 Description The software is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the activate plugin and deactivate plugin functions. Th...

CVSS 2.4, AI score 6.4, EPSS 0.00141
Exploits: 0, References: 8

Patchstack
added 2025/10/10 11:22 p.m., 6 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.6 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by dutafi in WordPress Plugin NEX-Forms versions <= 9.1.6...

CVSS 4.9, AI score 7.8, EPSS 0.00291
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/10/09 6:21 a.m., 11 views

CVE-2025-11437

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

CVSS 4.8, AI score 5.5, EPSS 0.00272
Exploits: 1, References: 1

Snyk
added 2025/10/08 3:32 p.m., 4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Forms module. An attacker can execute arbitrary web scripts or inject HTML by submitting a crafted payload into a form with a rich text type field. Details Cross-site scripting or XSS is a code...

CVSS 6.1, AI score 5.4, EPSS 0.00224
Exploits: 0, References: 2

Github Security Blog
added 2025/10/08 3:32 p.m., 7 views

Liferay Portal is vulnerable to Stored XSS through Forms text type field

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

CVSS 6.1, AI score 5.5, EPSS 0.00224
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/10/08 3:32 p.m., 3 views

GHSA-378F-8Q54-3FQX Liferay Portal is vulnerable to Stored XSS through Forms text type field

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

CVSS 5.1, AI score 5.5, EPSS 0.00224
Exploits: 0, References: 3

NVD
added 2025/10/08 2:15 p.m., 5 views

CVE-2025-43830

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

CVSS 6.1, EPSS 0.00224
Exploits: 0, References: 1

Vulnrichment
added 2025/10/08 1:11 p.m., 4 views

CVE-2025-43830

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

CVSS 5.1, AI score 5, EPSS 0.00224
Exploits: 0, References: 1

CVE
added 2025/10/08 1:11 p.m., 13 views

CVE-2025-43830

CVE-2025-43830 describes a stored Cross-Site Scripting (XSS) vulnerability in Liferay Portal/Liferay DXP related to the rich text form field under the Forms module. Affected products include Liferay Portal 7.3.2–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.8, 2023.Q4.0–2023.Q4.5, with GA releases ...

CVSS 6.1, AI score 5, EPSS 0.00224
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2025/10/08 1:11 p.m., 9 views

CVE-2025-43830

Stored cross-site scripting XSS vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a...

CVSS 5.1, EPSS 0.00224
Exploits: 0, References: 1

OSV
added 2025/10/08 6:15 a.m., 3 views

CVE-2025-11437

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

CVSS 4.8, AI score 5.5
Exploits: 0, References: 4

Cvelist
added 2025/10/08 6:2 a.m., 10 views

CVE-2025-11437 JhumanJ OpnForm Form Editor forms cross site scripting

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

CVSS 4.8, EPSS 0.00272
Exploits: 1, References: 4

Positive Technologies
added 2025/10/08 12:0 a.m., 6 views

PT-2025-41254

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.2 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.5 Description A stored cross-site scripting XSS issue exists in Forms within the software. This allows remote attackers to inject arbitrary web scri...

CVSS 5.1, AI score 5.4, EPSS 0.00224
Exploits: 0, References: 5

CNNVD
added 2025/10/08 12:0 a.m., 5 views

OpnForm code injection vulnerability

OpnForm is a form builder by Julien Nahum Personal Developer. A code injection vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from an incorrect operation of the component Form Editor in file /api/open/forms, and could lead to a cross-site scripting attack...

CVSS 4.8, AI score 4.2, EPSS 0.00272
Exploits: 1, References: 4