WordPress plugin Donation Forms WP by Givecloud 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-36181

Name of the Vulnerable Software and Affected Versions: givecloud Donation Forms WP by Givecloud versions through 1.0.9 Description: The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting XSS. Recommendations...

Wapiti Web Application Vulnerability Scanner 3.2.5

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to not saving the request parameters in the portlet session. An attacker can exhaust system memory by sending crafted HTTP requests. Details Denial of Service DoS describes a family of attacks, all aimed at...

GHSA-J4FW-4MHR-HC45 Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal (7.0.0–7.4.3.4) and Liferay DXP (7.4 GA, 7.3 GA–update 27) is affected by a DoS due to not restricting saving of request parameters in the portlet session. The root cause is unvalidated/unrestricted storage of request data in memory, enabling remote attackers t...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

PT-2025-35865

Name of the Vulnerable Software and Affected Versions: Kaleo Forms Admin in Liferay Portal versions 7.0.0 through 7.4.3.4 Kaleo Forms Admin in Liferay DXP versions 7.3 GA through update 27 Kaleo Forms Admin in Liferay DXP version 7.4 GA Older unsupported versions Description: The application does...

WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Le Cong Danh vodanh in WordPress Plugin Contact Form By Mega Forms versions = 1.6.1...

CVE-2025-58639

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

CVE-2025-58639

CVE-2025-58639 (WordPress) : The vulnerability is in the WordPress plugin Contact Form By Mega Forms , affected versions up to 1.6.1 . The issue is a Missing/Broken Authorization flaw due to incorrectly configured access control, enabling unauthorized actions as described in multiple sources (Pat...

CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

curl: libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms

libcurl canonicalizes numeric IPv4 hostnames during URL parsing and redirect handling example: 127.000.000.001 to 127.0.0.1. When a host-only cookie no Domain= attribute is set, it is stored in the cookie jar with the host string 127.0.0.1. On redirect, even if the Location: contains an alias hos...

WordPress plugin Fluent Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin Contact Form By Mega Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

PT-2025-35767

Name of the Vulnerable Software and Affected Versions: Ali Khallad Contact Form By Mega Forms versions through 1.6.1 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update Ali Khallad Contact Form By Me...