CVE-2025-32620

CVE-2025-32620: Missing Authorization in the WordPress Doppler Forms plugin (

CVE-2025-39428 WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS...

CVE-2025-39428

CVE-2025-39428 : Cross-Site Scripting in Gravity Forms CSS Themes with Fontawesome and Placeholders (WordPress plugin) allows stored XSS. Affected: Gravity Forms CSS Themes with Fontawesome and Placeholders, versions n/a through 8.5. Root cause: improper input neutralization during web page gener...

CVE-2025-39428 WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders allows Stored XSS. This issue affects Gravity Forms CSS Themes with Fontawesome and Placeholders: from n/a through 8.5...

CVE-2025-3487

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-3479

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handlestripesingle' function due to insufficient validation on a user controlled key. This makes it possible for...

CVE-2025-3487

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘limit’ parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-3479

Forminator Forms – Contact Form, Payment Form & Custom Form Builder for WordPress is vulnerable to an Order Replay flaw (CVE-2025-3479) in versions up to 1.42.0 due to insufficient validation of a user-controlled key in the handle_stripe_single path. This allows an unauthenticated attacker to reu...

WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Gravity Forms CSS Themes with Fontawesome and Placeholders versions = 8.5...

CVE-2025-3615

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-3615 Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-3615 Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-3615

CVE-2025-3615 : Fluent Forms for WordPress is vulnerable to Stored Cross-Site Scripting via form-submission.js in all versions up to and including 6.0.2. Exploitation requires authenticated access at Contributor level or higher, enabling an attacker to inject scripts that run when users load the ...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Fluent Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Forminator Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Doppler Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-16953 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.42.0 Description: The issue allows unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple...

PT-2025-17141 · Unknown · Doppler Forms

Name of the Vulnerable Software and Affected Versions: Doppler Forms versions n/a through 2.4.5 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For Doppler Forms versio...

WordPress plugin Gravity Forms CSS Themes with Fontawesome and Placeholders 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...