
8173 matches found

CVE
added 2025/07/11 6:43 a.m. · 38 views

CVE-2025-5392

GB Forms DB plugin for WordPress ≤ 1.0.2 is vulnerable to unauthenticated remote code execution via gbfdb_talk_to_front() which passes user input to call_user_func, enabling attackers to execute code, inject backdoors, or create admin accounts. This is a critical flaw (CVSS v3.1: 9.8). Remediatio...

CVSS 9.8 · AI score 7.5 · EPSS 0.00838
Exploits: 0 · References: 4

Cvelist
added 2025/07/11 6:43 a.m. · 8 views

CVE-2025-5392 GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front function. This is due to the function accepting user input and then passing that through call_user_func. This makes it possible for unauthenticated...

CVSS 9.8 · EPSS 0.00838
Exploits: 0 · References: 4

Vulnrichment
added 2025/07/11 6:43 a.m. · 4 views

CVE-2025-5392 GB Forms DB <= 1.0.2 - Unauthenticated Remote Code Execution

The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front function. This is due to the function accepting user input and then passing that through call_user_func. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 8.1 · EPSS 0.00838
Exploits: 0 · References: 4

CNNVD
added 2025/07/11 12:0 a.m. · 3 views

WordPress plugin GB Forms DB code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code injection vulnerability exists in the WordPress GB Forms DB plugin that originates in the gbfdb_talk_to_front function that accepts user input and passes it through...

CVSS 9.8 · AI score 8.3 · EPSS 0.00838
Exploits: 0 · References: 5

Positive Technologies
added 2025/07/11 12:0 a.m. · 5 views

PT-2025-29211 · WordPress · Gb Forms Db

Name of the Vulnerable Software and Affected Versions: GB Forms DB plugin for WordPress versions up to and including 1.0.2
Description: The GB Forms DB plugin for WordPress is susceptible to Remote Code Execution via the gbfdb_talk_to_front function. The function accepts user input and passes it...

CVSS 9.8 · AI score 7.5 · EPSS 0.00838
Exploits: 0 · References: 9

OSV
added 2025/07/08 10:15 p.m. · 2 views

CVE-2025-49547

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

CVSS 5.4 · AI score 5.8 · EPSS 0.0023
Exploits: 0 · References: 1

CNVD
added 2025/07/08 12:0 a.m. · 3 views

WordPress Forminator Forms Code Issue Vulnerability

WordPress Forminator Forms is a powerful free form builder plugin that supports the creation of many types of interactive forms. WordPress Forminator Forms suffers from a code issue vulnerability that stems from deserializing untrusted inputs in the function entry_delete_upload_files, which can be...

CVSS 8.8 · AI score 7.5 · EPSS 0.00469
Exploits: 0 · References: 1

Adobe
added 2025/07/08 12:0 a.m. · 11 views

APSB25-67 : Security update available for Adobe Experience Manager Forms

Adobe has released a security update for Adobe Experience Manager Forms on JEE. This update addresses a critical vulnerability that could lead to arbitrary code execution...

CVSS 9.8 · AI score 8.1 · EPSS 0.44894
Exploits: 0 · Affected Software: 1

Cvelist
added 2025/07/06 5:32 p.m. · 6 views

CVE-2025-7087 Belkin F9K1122 webs formL2TPSetup stack-based overflow

A vulnerability classified as critical was found in Belkin F9K1122 1.00.33. Affected by this vulnerability is the function formL2TPSetup of the file /goform/formL2TPSetup of the component webs. The manipulation of the argument L2TPUserName leads to stack-based buffer overflow. The attack can be...

CVSS 9 · EPSS 0.08506
Exploits: 1 · References: 5

RedhatCVE
added 2025/07/06 2:18 a.m. · 9 views

CVE-2025-6783

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5 · AI score 7.1 · EPSS 0.00361
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/06 2:18 a.m. · 17 views

CVE-2025-6782

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 7.5 · AI score 7.1 · EPSS 0.00347
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/04 6:11 a.m. · 8 views

CVE-2025-6464

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' function. This makes it possible for unauthenticat...

CVSS 8.8 · AI score 7.1 · EPSS 0.00469
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/04 5:13 a.m. · 3 views

CVE-2025-6463

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. This makes it possible for...

CVSS 8.8 · AI score 7.5 · EPSS 0.10538
Exploits: 0 · References: 1

OSV
added 2025/07/04 3:15 a.m. · 1 view

CVE-2025-6783

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5 · AI score 5.9 · EPSS 0.00361
Exploits: 0 · References: 2

NVD
added 2025/07/04 3:15 a.m. · 5 views

CVE-2025-6783

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVSS 7.5 · EPSS 0.00361
Exploits: 0 · References: 2

OSV
added 2025/07/04 3:15 a.m. · 1 view

CVE-2025-6782

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 7.5 · AI score 5.9 · EPSS 0.00347
Exploits: 0 · References: 2

NVD
added 2025/07/04 3:15 a.m. · 2 views

CVE-2025-6782

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 7.5 · EPSS 0.00347
Exploits: 0 · References: 2

Cvelist
added 2025/07/04 1:44 a.m. · 6 views

CVE-2025-6782 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 7.5 · EPSS 0.00347
Exploits: 0 · References: 2

CVE
added 2025/07/04 1:44 a.m. · 32 views

CVE-2025-6782

CVE-2025-6782 : GoZen Forms (WordPress) up to version 1.1.5 is vulnerable to unauthenticated SQL Injection through the dirGZActiveForm() function via the forms-id parameter. The root cause is insufficient escaping and lack of proper SQL query preparation, enabling an attacker to append additional...

CVSS 7.5 · AI score 7.1 · EPSS 0.00347
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/07/04 1:44 a.m. · 1 view

CVE-2025-6782 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via dirGZActiveForm()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...

CVSS 7.5 · AI score 7 · EPSS 0.00347
Exploits: 0 · References: 2