CVE-2023-28781

Unauth. Stored Cross-Site Scripting XSS vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin = 1.5.4 versions...

CVE-2023-28782

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...

CVE-2023-37979

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Saturday Drive Ninja Forms Contact Form plugin = 3.6.25 versions...

CVE-2023-48278

Cross-Site Request Forgery CSRF vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...

CVE-2023-35095

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin = 1.0.40 versions...

CVE-2023-51413

Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29...

CVE-2023-51377

Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3...

CVE-2023-5098

The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges like subscribers from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS...

CVE-2023-44474

Unauth. Reflected Cross-Site Scripting XSS vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin = 2.0.0 versions...

CVE-2023-38386

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25...

CVE-2023-48276

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1...

CVE-2023-38393

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25...

CVE-2023-36505

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24...

CVE-2023-35053

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms...

CVE-2023-32623

Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server...

CVE-2023-2877

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the...

CVE-2023-2701

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

CVE-2023-2324

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...