CVE-2025-54682 WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.4...

CVE-2025-54681

CVE-2025-54681 is a WordPress plugin vulnerability in the WordPress Connector for Gravity Forms and Google Sheets (versions up to 1.2.4) described as an Open Redirect. The issue allows redirection to untrusted sites, facilitating phishing. CVSS v3.1 base score is 4.7 (Medium) with network attack ...

CVE-2025-54681 WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Open Redirection Vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Phishing.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.4...

CVE-2025-54681 WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Open Redirection Vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4...

CVE-2025-24775

CVE-2025-24775 describes an Unrestricted Upload of File with Dangerous Type in WordPress Forms (Made IT Forms) plugin up to version 2.9.0, enabling uploading a web shell to the web server. Public records in the provided connected sources indicate this vulnerability affects Forms versions &lt;= 2....

CVE-2025-24775 WordPress Forms <= 2.9.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through = 2.9.0...

CVE-2025-24775 WordPress Forms <= 2.9.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through = 2.9.0...

WordPress plugin Connector for Gravity Forms and Google Sheets 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

WordPress plugin Connector for Gravity Forms and Google Sheets 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An input validation error...

WordPress plugin Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-33150 · Unknown · Made I.T. Forms

Name of the Vulnerable Software and Affected Versions: Made IT Forms versions not specified through 2.9.0 Description: An unrestricted file upload issue with dangerous file types exists in Made IT Forms, allowing for the upload of a web shell to a web server. Recommendations: At the moment, there...

PT-2025-33233 · Unknown +1 · Gravity Forms +2

Name of the Vulnerable Software and Affected Versions: CRM Perks Connector for Gravity Forms and Google Sheets versions through 1.2.4 Description: The vulnerability allows for redirection to an untrusted site, potentially enabling phishing attacks. Recommendations: Update Connector for Gravity...

PT-2025-33234 · Unknown +2 · Gravity Forms +2

Name of the Vulnerable Software and Affected Versions: CRM Perks Connector for Gravity Forms and Google Sheets versions through 1.2.4 Description: The CRM Perks Connector for Gravity Forms and Google Sheets is susceptible to a Cross-Site Request Forgery CSRF issue. This allows for the potential...

WordPress Forms <= 2.9.0 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by astra.r3verii in WordPress Plugin Forms versions = 2.9.0...

CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

GHSA-8MQ8-C243-2335 Magento Cross-site Scripting vulnerability

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be...

CVE-2025-49557

CVE-2025-49557 refers to a stored Cross-site Scripting (XSS) vulnerability in Adobe Commerce/Magento Open Source versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fiel...

WordPress Gravity Forms Plugin < 1.9.16 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediaburst:gravityforms"; if description...

WordPress Gravity Forms Plugin < 2.0.7 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediaburst:gravityforms"; if description...