8173 matches found
PT-2025-21011 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: Umbraco Forms versions 7.x through 13.4.1; Umbraco Forms versions 15.1.1 and earlier. Description: The issue affects Umbraco Forms, a form builder that integrates with the Umbraco content management system. It is related to the 'Send email'...
CVE-2025-26841
Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code via a file upload...
WordPress plugin Everest Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-26841
CVE-2025-26841 affects WPEVEREST Everest Forms (WordPress plugin) prior to version 3.0.9. The vulnerability is a Cross Site Scripting flaw in the file upload feature that an attacker can abuse to execute arbitrary code. The root cause is improper handling/validation of file uploads, enabling XSS; C...
PT-2025-20700 · Wpeverest · Everest Forms
Name of the Vulnerable Software and Affected Versions: WPEVEREST Everest Forms versions prior to 3.0.9. Description: The issue allows an attacker to execute arbitrary code via a file upload, exploiting a Cross Site Scripting vulnerability. Recommendations: For versions prior to 3.0.9, update to...
CVE-2025-3468
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-4208
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func. This makes it...
CVE-2025-47502
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick van Wobbie Mollie Forms mollie-forms allows Stored XSS. This issue affects Mollie Forms: from n/a through <= 2.7.12...
CVE-2025-47456
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms Zendesk gf-zendesk allows Phishing. This issue affects WP Gravity Forms Zendesk: from n/a through <= 1.1.2...
CVE-2025-47454
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms Dynamics CRM gf-dynamics-crm allows Phishing. This issue affects WP Gravity Forms Dynamics CRM: from n/a through <= 1.1.4...
CVE-2025-4208 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func. This makes it...
CVE-2025-4208
CVE-2025-4208 affects the WordPress plugin “NEX-Forms – Ultimate Forms Plugin for WordPress.” The issue is a Limited Code Execution vulnerability in versions up to 8.9.1 caused by unsanitized user input being passed to call_user_func() inside the get_table_records function. This allows an authent...
CVE-2025-3468
CVE-2025-3468 affects the WordPress plugin NEX-Forms – Ultimate Form Builder. It is a Stored Cross-Site Scripting flaw exploitable via the clean_html and form_fields parameters in all versions up to and including 8.9.1. The issue requires an authenticated attacker with Custom-level access and ca...