CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/05/08 11:13 a.m.•21 views

CVE-2025-4208 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the gettablerecords function. This is due to the unsanitized use of user-supplied input in calluserfunc. This makes it...

6.3CVSS0.00282EPSS

Cvelist•added 2025/05/08 11:13 a.m.•21 views

CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting

6.4CVSS0.00182EPSS

CNNVD•added 2025/05/08 12:0 a.m.•1 views

WordPress plugin NEX-Forms 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

6.3CVSS7.2AI score0.00282EPSS

Positive Technologies•added 2025/05/08 12:0 a.m.•3 views

PT-2025-20373 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.9.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

6.4CVSS6.2AI score0.00182EPSS

Exploits0References9

Positive Technologies•added 2025/05/08 12:0 a.m.•3 views

PT-2025-20375 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.9.1 Description: The issue is related to Limited Code Execution due to the unsanitized use of user-supplied input in the cal...

6.3CVSS7.2AI score0.00282EPSS

Exploits0References10

CNNVD•added 2025/05/08 12:0 a.m.•2 views

WordPress plugin NEX-Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS6.5AI score0.00182EPSS

NVD•added 2025/05/07 3:16 p.m.•18 views

CVE-2025-47644

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form integrations-of-zoho-crm-with-elementor-form allows Phishing.This issue affects Integrations of Zoho CRM with Elementor form: from n/a through = 1.0.8...

NVD•added 2025/05/07 3:16 p.m.•7 views

CVE-2025-47502

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick van Wobbie Mollie Forms mollie-forms allows Stored XSS.This issue affects Mollie Forms: from n/a through = 2.7.12...

6.5CVSS0.00209EPSS

NVD•added 2025/05/07 3:15 p.m.•2 views

CVE-2025-47454

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms Dynamics CRM gf-dynamics-crm allows Phishing.This issue affects WP Gravity Forms Dynamics CRM: from n/a through = 1.1.4...

NVD•added 2025/05/07 3:15 p.m.•4 views

CVE-2025-47456

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms Zendesk gf-zendesk allows Phishing.This issue affects WP Gravity Forms Zendesk: from n/a through = 1.1.2...

Cvelist•added 2025/05/07 2:19 p.m.•14 views

CVE-2025-47502 WordPress Mollie Forms plugin <= 2.7.12 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00209EPSS

Vulnrichment•added 2025/05/07 2:19 p.m.•3 views

CVE-2025-47502 WordPress Mollie Forms plugin <= 2.7.12 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS8.6AI score0.00209EPSS

CVE•added 2025/05/07 2:19 p.m.•36 views

CVE-2025-47502

CVE-2025-47502 concerns Mollie Forms (WordPress plugin) versions up to 2.7.12. Affected: Mollie Forms plugin; root cause: improper neutralization of input during web page generation leading to Stored XSS. Impact per sources: potential for script injection affecting users; CVSSv3.1 base score 6.5 ...

6.5CVSS7.2AI score0.00209EPSS

Cvelist•added 2025/05/07 2:19 p.m.•19 views

CVE-2025-47456 WordPress WP Gravity Forms Zendesk plugin <= 1.1.2 - Open Redirection Vulnerability

CVE•added 2025/05/07 2:19 p.m.•47 views

CVE-2025-47456

CVE-2025-47456 describes an Open Redirect vulnerability in the WordPress plugin WP Gravity Forms Zendesk affecting versions up to and including 1.1.2. The issue enables redirection to untrusted sites, facilitating phishing. Public records indicate the vulnerability has been patched, and multiple ...

4.7CVSS7.2AI score0.00263EPSS

CVE•added 2025/05/07 2:19 p.m.•39 views

CVE-2025-47454

CVE-2025-47454 is an Open Redirect vulnerability in the WordPress plugin WP Gravity Forms Dynamics CRM (CRM Perks) affecting versions up to and including 1.1.4. The issue enables phishing through malicious redirection to untrusted sites. The vulnerability has been patched; patch status indicates ...

4.7CVSS7.2AI score0.00263EPSS

Cvelist•added 2025/05/07 2:19 p.m.•12 views

CVE-2025-47454 WordPress WP Gravity Forms Dynamics CRM plugin <= 1.1.4 - Open Redirection Vulnerability