CVE-2024-12184

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accuaformsdownloadsubmittedfile function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download...

WordPress WordPress Contact Forms by Cimatti plugin <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download vulnerability

Missing Authorization to Unauthenticated Form Submission Download vulnerability discovered by rcl25 in WordPress Plugin Contact Forms by Cimatti versions = 1.9.4...

CVE-2025-24686

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Reflected XSS.This issue affects RegistrationMagic: from n/a through = 6.0.3.3...

CVE-2025-24686 WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Reflected XSS.This issue affects RegistrationMagic: from n/a through = 6.0.3.3...

CVE-2025-0470

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-0470 Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Forminator Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2025-3903 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.38.2 Description: The issue is related to Reflected Cross-Site Scripting via the title parameter due to insufficient...

CVE-2024-13470

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVE-2024-13470

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

WordPress Ninja Forms plugin <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Ninja Forms versions = 3.8.24...

CVE-2024-13470 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVE-2024-13470

CVE-2024-13470 affects Ninja Forms – The Contact Form Builder That Grows With You (WordPress) and is vulnerable in all versions up to 3.8.24 due to insufficient input sanitization and output escaping on shortcode attributes. This enables a stored cross-site scripting (XSS) payload by authenticate...

CVE-2024-13470 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

WordPress plugin Ninja Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-2186 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.24 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcode due to insufficient input...

org.apache.cocoon:cocoon-apples-sample (=2.3.0), org.apache.cocoon:cocoon-dist-samples (=2.3.0) +8 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-forms-impl (=2.3.0)

org.apache.cocoon:cocoon-forms-impl MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cocoon:cocoon-forms-impl and may be impacted: - org.apache.cocoon:cocoon-apples-sample =2.3.0 - org.apache.cocoon:cocoon-dist-samples...

CVE-2025-24708

CVE-2025-24708 is a reflected XSS in the WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin. Affected versions are up to 1.1.6. Root cause: improper input neutralization during web page generation. The CVE entry is present in multiple feeds; Patch status ind...

WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Abdi Pranata in WordPress Plugin WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.6...

PT-2025-5522 · Unknown · Dynamics Crm

Name of the Vulnerable Software and Affected Versions: WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions 1.1.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected...