8172 matches found
CVE-2025-7638
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-7696
CVE-2025-7696 : The WordPress plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms is vulnerable to unauthenticated PHP Object Injection via the verify_field_val() function in all versions up to 1.2.3. Deserialization of untrusted input enables injection of a PHP o...
CVE-2025-7697 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function
The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...
WordPress plugin Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...
WordPress plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists ...
CVE-2025-49485
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...
CVE-2025-49485 Extension - balbooa.com - SQL injection in Balbooa Forms component version 1.0.0 - 2.3.1.1 for Joomla
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...
CVE-2025-49485 Extension - balbooa.com - SQL injection in Balbooa Forms component version 1.0.0 - 2.3.1.1 for Joomla
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...
CVE-2025-49485
CVE-2025-49485: A SQL injection in Balbooa Forms for Joomla affects versions 1.0.0 through 2.3.1.1. The vulnerability is triggered via the id parameter, enabling privileged users to execute arbitrary SQL commands (per CVSS 4.0 metrics: NETWORK, HIGH impact on confidentiality/integrity/availabilit...
CVE-2025-7638
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-7638 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-7638
CVE-2025-7638 affects the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder (versions up to and including 1.45.0). The root cause is insufficient escaping and lack of proper SQL query preparation for the user-supplied parameter in the internal query, enabling a ...
CVE-2025-7638 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Balbooa Forms SQL注入漏洞
Balbooa Forms is a Joomla extension from Balbooa Inc. A SQL injection vulnerability exists in Balbooa Forms versions 1.0.0-2.3.1.1, which stems from an incorrect manipulation of the parameter id leading to a SQL injection attack...
PT-2025-30022 · Joomla · Balbooa Forms
Name of the Vulnerable Software and Affected Versions: Balbooa Forms versions 1.0.0 through 2.3.1.1 Description: A SQL injection issue exists in the Balbooa Forms plugin for Joomla. Privileged users can execute arbitrary SQL commands through the id parameter. Recommendations: Balbooa Forms versio...
WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress...
PT-2025-29991 · WordPress · Forminator Forms
Name of the Vulnerable Software and Affected Versions: Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions prior to 1.45.1 Description: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is susceptible to...
WordPress GB Forms DB plugin code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A code injection vulnerability exists in the WordPress GB Forms DB plugin that originates in the gbfdbtalktofront function that accepts user input and passes it through...
CVE-2025-5392
The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdbtalktofront function. This is due to the function accepting user input and then passing that through calluserfunc. This makes it possible for unauthenticated...
CVE-2025-5392
GB Forms DB plugin for WordPress ≤ 1.0.2 is vulnerable to unauthenticated remote code execution via gbfdb_talk_to_front() which passes user input to call_user_func, enabling attackers to execute code, inject backdoors, or create admin accounts. This is a critical flaw (CVSS v3.1: 9.8). Remediatio...