
8173 matches found

Positive Technologies · added 2025/06/05 12:0 a.m. · 5 views

PT-2025-23914 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.44.1
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and...

CVSS 6.4 · AI score 5.7 · EPSS 0.00232 · Exploits 0 · References 10

RedhatCVE · added 2025/06/04 7:18 p.m. · 6 views

CVE-2025-49069

Cross-Site Request Forgery (CSRF) vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Cross Site Request Forgery. This issue affects Contact Forms by Cimatti: from n/a through <= 1.9.8...

CVSS 4.3 · AI score 5.9 · EPSS 0.00121 · Exploits 0 · References 1

OSV · added 2025/06/04 4:15 p.m. · 2 views

CVE-2025-29094

Cross Site Scripting vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components...

CVSS 6.1 · AI score 6.1 · EPSS 0.00311 · Exploits 3 · References 1

NVD · added 2025/06/02 7:15 p.m. · 15 views

CVE-2025-49069

Cross-Site Request Forgery (CSRF) vulnerability in cimatti Contact Forms by Cimatti contact-forms allows Cross Site Request Forgery. This issue affects Contact Forms by Cimatti: from n/a through <= 1.9.8...

CVSS 4.3 · EPSS 0.00121 · Exploits 0 · References 1

Patchstack · added 2025/06/02 6:47 p.m. · 8 views

WordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Shivam Khanna (Patchstack Alliance) in WordPress Plugin Contact Forms by Cimatti versions <= 1.9.8...

CVSS 4.3 · AI score 6.7 · EPSS 0.00121 · Exploits 0 · Affected Software 1

CNNVD · added 2025/06/02 12:0 a.m. · 3 views

WordPress plugin Contact Forms by Cimatti cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress...

CVSS 4.3 · AI score 4.7 · EPSS 0.00121 · Exploits 0 · References 3

Positive Technologies · added 2025/06/02 12:0 a.m. · 3 views

PT-2025-23556 · Cimatti · Contact Forms By Cimatti

Name of the Vulnerable Software and Affected Versions: Contact Forms by Cimatti versions 1.9.8 and earlier
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's behalf. This can be achieved by tricking the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00121 · Exploits 0 · References 5

Packet Storm · added 2025/06/02 12:0 a.m. · 86 views

Motivian Content Management System 41.0.0 Cross Site Scripting

Motivian Content Management System version 41.0.0 suffers from multiple cross site scripting vulnerabilities. CVE-2025-29094-Multiple-Stored-Cross-Site-Scripting-XSS This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29094:...

CVSS 6.1 · AI score 6.8 · EPSS 0.00311 · Exploits 3

Patchstack · added 2025/05/30 10:3 a.m. · 8 views

WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Real Time Validation for Gravity Forms versions <= 1.7.0...

CVSS 7.1 · AI score 5.9 · EPSS 0.00185 · Exploits 0 · Affected Software 1

CNNVD · added 2025/05/30 12:0 a.m. · 1 views

WordPress plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

CVSS 5.3 · AI score 5.2 · EPSS 0.00273 · Exploits 0 · References 3

Positive Technologies · added 2025/05/30 12:0 a.m. · 2 views

PT-2025-23251 · WordPress · Ninja Forms +4

Name of the Vulnerable Software and Affected Versions: The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress versions up to, and including, 1.4.4
Description: The issue allows unauthenticated attackers to retrieve the full path of the...

CVSS 5.3 · AI score 5.2 · EPSS 0.00273 · Exploits 0 · References 6

Tenable Nessus · added 2025/05/30 12:0 a.m. · 11 views

ConnectWise ScreenConnect < 25.2.4 RCE

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore, affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...

CVSS 8.1 · AI score 9.4 · EPSS 0.03348 · Exploits 0 · References 2

VulnCheck KEV · added 2025/05/27 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2015-4455

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

CVSS 9.8 · AI score 6.2 · EPSS 0.41478 · Exploits 3 · References 1

RedhatCVE · added 2025/05/26 3:1 a.m. · 20 views

CVE-2025-5055

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 4.4 · AI score 5.8 · EPSS 0.00241 · Exploits 0 · References 1

RedhatCVE · added 2025/05/25 1:20 p.m. · 14 views

CVE-2025-47513

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms infocob-crm-forms allows Path Traversal. This issue affects Infocob CRM Forms: from n/a through <= 2.4.0...

CVSS 4.9 · AI score 5.9 · EPSS 0.00448 · Exploits 0 · References 1

RedhatCVE · added 2025/05/25 1:19 p.m. · 14 views

CVE-2025-47492

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a...

CVSS 8.6 · AI score 7.2 · EPSS 0.01212 · Exploits 0 · References 1

NVD · added 2025/05/24 3:15 a.m. · 10 views

CVE-2025-5055

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 4.4 · EPSS 0.00241 · Exploits 0 · References 3

Vulnrichment · added 2025/05/24 2:23 a.m. · 6 views

CVE-2025-5055 Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 4.4 · AI score 4.4 · EPSS 0.00241 · Exploits 0 · References 3

CVE · added 2025/05/24 2:23 a.m. · 56 views

CVE-2025-5055

CVE-2025-5055 affects the WordPress plugin Smart Forms (versions up to 2.6.98). The root cause is insufficient input sanitization and output escaping in admin settings, enabling stored XSS. Exploitation requires authenticated admin+ privileges and can inject scripts that execute when users load i...

CVSS 4.4 · AI score 4.4 · EPSS 0.00241 · Exploits 0 · References 3

Cvelist · added 2025/05/24 2:23 a.m. · 26 views

CVE-2025-5055 Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting

The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 4.4 · EPSS 0.00241 · Exploits 0 · References 3