8173 matches found
WordPress plugin Salesmate Add-On for Gravity Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2025-31434
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.19...
CVE-2025-22652
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through = 4.0.1...
CVE-2025-30863
Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms integration-for-contact-form-7-and-google-sheets allows Cross Site Request Forgery.This issue affects Integration for Google Sheets and Contact Form 7,...
CVE-2025-30809
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through = 4.8.4...
CVE-2025-30784
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows SQL Injection.This issue affects WP Subscription Forms: from n/a through = 1.2.3...
WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.19 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin FormLift for Infusionsoft Web Forms versions = 7.5.19...
CVE-2025-31434 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.19 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS.This issue affects FormLift for Infusionsoft Web Forms: from n/a through = 7.5.19...
CVE-2025-31434 WordPress FormLift for Infusionsoft Web Forms <= 7.5.19 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.19...
WordPress Breezing Forms plugin <= 1.2.8.11 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Breezing Forms versions = 1.2.8.11...
CVE-2025-22652
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through = 4.0.1...
CVE-2025-22652 WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kendysond Payment Forms for Paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through 4.0.1...
CVE-2025-22652 WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kendysond Payment Forms for Paystack payment-forms-for-paystack allows SQL Injection.This issue affects Payment Forms for Paystack: from n/a through = 4.0.1...
CVE-2025-22652
CVE-2025-22652 is a SQL Injection vulnerability in the WordPress plugin Payment Forms for Paystack (vulnerable up to and including 4.0.1). The root cause, as detailed in the exploit repo, is unsafely inserting a URL parameter (order) directly into an SQL query without input validation/escaping in...
CVE-2025-30863
Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms integration-for-contact-form-7-and-google-sheets allows Cross Site Request Forgery.This issue affects Integration for Google Sheets and Contact Form 7,...
CVE-2025-30809
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through = 4.8.4...
CVE-2025-30784
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows SQL Injection.This issue affects WP Subscription Forms: from n/a through = 1.2.3...
WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.0.9...
WordPress WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin <= 4.8.4 - Settings Change vulnerability
Settings Change vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Live Forms versions = 4.8.4...
CVE-2025-30863
CVE-2025-30863 is a CSRF vulnerability in theIntegration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin. Affected is the plugin “Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms” with versions up to 1.0.9 (inclusive). The issue is a C...