CVE-2025-23904

CVE-2025-23904 concerns the WordPress/Rebrand Fluent Forms plugin (versions

CVE-2025-23763 WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Alex Volkov WAH Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WAH Forms: from n/a through 1.0...

CVE-2025-23763

CVE-2025-23763 concerns WordPress WAH Forms plugin

CVE-2025-23763 WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Alex Volkov WAH Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WAH Forms: from n/a through 1.0...

WordPress plugin Rebrand Fluent Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin WAH Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-0469

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

OESA-2025-1221 golang security update

. Security Fixes: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more...

CVE-2025-0469

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2025-0469 Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

WordPress plugin Forminator Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...

CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...

CVE-2025-1128

The CVE-2025-1128 entry concerns the Everest Forms plugin for WordPress. The vulnerability lies in the EVF_Form_Fields_Upload class, where missing file type and path validation in the format method affects all versions up to and including 3.0.9.4. This allows unauthenticated attackers to upload, ...

WordPress plugin Everest Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

PT-2025-7814 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress versions 3.0.9.4 and earlier Description: The issue is related to arbitrary file upload, read, and deletion due to missing file type and path...

WordPress Everest Forms Plugin < 3.0.8.1 - Authenticated (Admin+) XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.128103";...

WordPress Everest Forms plugin <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion vulnerability

Unauthenticated Arbitrary File Upload, Read, and Deletion vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Everest Forms versions = 3.0.9.4...

100,000 WordPress Sites Affected by Arbitrary File Upload, Read and Deletion Vulnerability in Everest Forms WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

CVE-2024-12038

CVE-2024-12038 is a stored XSS vulnerability in the WordPress plugin Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) (BuddyForms). The issue arises from insufficient input sanitization and output escaping for attributes in the bud...