PT-2025-16943 · WordPress · Fluent Forms

Name of the Vulnerable Software and Affected Versions: Fluent Forms plugin for WordPress versions up to, and including, 6.0.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the form-submission.js script. This allows...

CVE-2025-39591

Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through = 1.2.3...

CVE-2025-39560

Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through = 4.8.4...

CVE-2025-39560

CVE-2025-39560 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress Live Forms plugin, affecting version

CVE-2025-39591 WordPress WP Subscription Forms plugin <= 1.2.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through = 1.2.3...

CVE-2025-39591 WordPress WP Subscription Forms plugin <= 1.2.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through = 1.2.3...

CVE-2025-39591

CVE-2025-39591 is a Missing Authorization vulnerability in WP Subscription Forms affecting versions up to 1.2.3. CVSS 3.1 base score 5.4 (Medium). The connected sources (RH, NVD, PatchStack, CVE lists) confirm the issue and that a patch exists, but do not specify the exact patched version. Exploi...

WordPress plugin WP Subscription Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Live Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-16654 · Unknown · Shahjada Live Forms

Name of the Vulnerable Software and Affected Versions: Shahjada Live Forms versions through 4.8.4 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 4.8.4,...

CVE-2025-3421

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'formid' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping...

CVE-2025-3422

The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

CVE-2025-32205

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through = 1.0.30...

CVE-2025-32213

Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through = 1.0.43...

WordPress Everest Forms plugin <= 3.1.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin Everest Forms versions = 3.1.1...

WordPress Everest Forms plugin <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Everest Forms versions = 3.1.1...

WordPress Everest Forms plugin <= 3.1.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by kuaile in WordPress Plugin Everest Forms versions = 3.1.1...

CVE-2025-32692

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows PHP Local File Inclusion.This issue affects WP Subscription Forms: from n/a through = 1.2.4...

CVE-2025-32667

Cross-Site Request Forgery CSRF vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through = 2.5.1...