PT-2025-26822 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: The Everest Forms Pro plugin for WordPress versions up to, and including, 1.9.4 Description: The issue is related to insufficient file path validation in the delete entry files function, allowing unauthenticated attackers to delete arbitrary...

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A security vulnerability exists in the ordPress Everest Forms plugin that stems from insufficient path validation of the deleteentryfiles function, which can be exploited by an...

WordPress Everest Forms (Pro) plugin <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion vulnerability

Unauthenticated Path Traversal to Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Everest Forms Pro versions = 1.9.4...

Malicious code in forms-extensions (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-5409 Malicious code in forms-extensions (npm)

The package communicates with a domain associated with malicious activity...

WordPress CubeWP Forms plugin authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress CubeWP Forms plugin that stems from a lack of authorization and can be exploited by an attacker to configure incorre...

Navigating the Growing Field of Research on AI for Software Testing

In industry, software testing is the primary method to verify and validate the functionality, performance, security, usability, and so on, of software-based systems. Test automation has gained increasing attention in industry over the last decade, following decades of intense research into test...

CVE-2025-49880

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through = 1.1.5...

CVE-2025-49880

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through = 1.1.5...

CVE-2025-49880

Summary: CVE-2025-49880 affects WordPress CubeWP Forms (versions up to 1.1.5) with a missing authorization flaw enabling attackers to exploit misconfigured access controls. The vulnerability originates from inadequate access control checks in CubeWP Forms and is cataloged with a CVSS v3.1 base sc...

CVE-2025-49880 WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through = 1.1.5...

CVE-2025-49880 WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through = 1.1.5...

WordPress plugin CubeWP Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress CubeWP Forms plugin that stems from a lack of authorization and can be exploited by an attacker to configure incorre...

PT-2025-25734 · Unknown · Cubewp Forms

Name of the Vulnerable Software and Affected Versions: CubeWP Forms versions 1.1.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For CubeWP Forms versions 1.1....

WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Mika in WordPress Plugin CubeWP Forms versions = 1.1.5...

CVE-2025-47025

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-47012

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46934

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46906

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46864

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...