8172 matches found
CVE-2025-5927
The Everest Forms Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
CVE-2025-5398
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This mak...
CVE-2025-5398 Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This mak...
CVE-2025-5398
CVE-2025-5398 affects Ninja Forms – The Contact Form Builder That Grows With You (WordPress plugin). The CVE describes a Stored Cross-Site Scripting vulnerability via CSTI due to insufficient output escaping in the templating engine, impacting all versions up to and including 3.10.2.1. Exploitation...
WordPress plugin Popup addon for Ninja Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Address Autocomplete via Google for Gravity Forms cross-site request forgery vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress plugin Ninja Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-27170 · Gravity Forms · Address Autocomplete Via Google For Gravity Forms
Name of the Vulnerable Software and Affected Versions: Address Autocomplete via Google for Gravity Forms versions 1.3.4 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that affects the Address Autocomplete via Google for Gravity Forms plugin. This vulnerabili...
PT-2025-27072 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.10.2.1. Description: The issue is related to Stored Cross-Site Scripting via the use of a templating engine due to insufficient...
PT-2025-27186 · Unknown · Popup Addon For Ninja Forms
Name of the Vulnerable Software and Affected Versions: Aman Popup addon for Ninja Forms versions n/a through 3.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an...
PT-2025-27115
Name of the Vulnerable Software and Affected Versions: Everest Forms versions through 3.2.2. Description: Deserialization of untrusted data in Everest Forms allows for object injection. This issue impacts installations with PHP versions below 7.1, potentially leading to remote code execution (RCE)...
WordPress Ninja Forms plugin <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI vulnerability discovered by Asaf Mozes in WordPress Plugin Ninja Forms versions <= 3.10.2.1...
CVE-2025-5927
The Everest Forms Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
CVE-2025-5927 Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion
The Everest Forms Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
CVE-2025-5927
CVE-2025-5927 affects the Everest Forms (Pro) WordPress plugin up to version 1.9.4, with an insufficiently validated delete_entry_files() path that enables arbitrary file deletion. Multiple sources describe an unauthenticated path traversal leading to deletion of server files (potential remote co...
PT-2025-26822 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: The Everest Forms Pro plugin for WordPress versions up to, and including, 1.9.4. Description: The issue is related to insufficient file path validation in the delete entry files function, allowing unauthenticated attackers to delete arbitrary...