CVE-2024-7052

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7052

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7052

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2025-6768 · WordPress · Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms WordPress plugin versions prior to 1.38.3 Description: The issue allows high privilege users, such as Admin, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

WordPress Everest Forms plugin < 3.0.8.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Everest Forms versions 3.0.8.1...

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13125 Everest Forms < 3.0.8.1 - Admin+ Stored XSS

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-13125

The Everest Forms WordPress plugin is vulnerable prior to version 3.0.8.1 due to insufficient sanitization/escaping of certain settings, enabling Stored XSS for high-privilege users such as admins (e.g., in multisite setups). Documented impact is Stored XSS with potential exposure of admin pages;...

CVE-2024-13125 Everest Forms < 3.0.8.1 - Admin+ Stored XSS

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-6532 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms WordPress plugin versions prior to 3.0.8.1 Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example in ...

GSheetConnector for Forminator Forms for WordPress Cross-Site Scripting

The WordPress GSheetConnector for Forminator Forms Plugin installed on the remote host is affected by a Cross-Site Scripting XSS vulnerability. Note that the scanner has not tester for these issues but has instead relied only the application's self-reported version number. No source data...

PT-2025-6022 · Ninjaforms +1 · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms WordPress plugin versions prior to 3.10.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, f...

CVE-2025-24545

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bannersky BSK Forms Validation bsk-gravity-forms-custom-validation allows Reflected XSS.This issue affects BSK Forms Validation: from n/a through = 1.7...

CVE-2025-24629

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpgear Import Excel to Gravity Forms gf-excel-import allows Reflected XSS.This issue affects Import Excel to Gravity Forms: from n/a through = 1.18...

CVE-2021-31455

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-31459

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...