8173 matches found
CVE-2024-13845 Gravity Forms WebHooks <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook
The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...
CVE-2024-13845
CVE-2024-13845: Gravity Forms WebHooks (WordPress) is vulnerable to SSRF via GF_Webhooks::process_feed in all versions ≤ 1.6.0. Requires authenticated Admin+ access; can trigger requests to internal/internal-service locations. Remediation exists (patched in the records); upgrade to a fixed versi...
WordPress plugin Gravity Forms WebHooks code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
PT-2025-18357 · WordPress · Gravity Forms Webhooks
Name of the Vulnerable Software and Affected Versions: Gravity Forms WebHooks plugin for WordPress versions up to, and including, 1.6.0
Description: The issue allows authenticated attackers with Administrator-level access and above to make web requests to arbitrary locations originating from the...
WordPress Gravity Forms WebHooks plugin <= 1.6.0 - Authenticated (Admin+) Server-Side Request Forgery via Webhook vulnerability
Authenticated Admin+ Server-Side Request Forgery via Webhook vulnerability discovered by Francesco Carlucci in WordPress Plugin Gravity Forms WebHooks versions <= 1.6.0...
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET Web Forms. Affects DevExpress XtraReport serialization handling prior to version 23.1.3; impacts confidentiality, integrity and availability as per listed CVSS details. Remediation: upgrade to version 23.1.3 ...
CVE-2025-3935
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...
CVE-2025-46453
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CreatorTeam Zoho Creator Forms allows Stored XSS. This issue affects Zoho Creator Forms: from n/a through 1.0.5...
CVE-2025-3487
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-3615
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-46236
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Link Software LLC HTML Forms html-forms allows Stored XSS. This issue affects HTML Forms: from n/a through <= 1.5.2...
CVE-2025-39428
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS. This issue affects Gravity Forms CSS...
CVE-2025-39591
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through <= 1.2.3...
CVE-2025-39560
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through <= 4.8.4...