WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

PT-2025-2141 · WordPress · Gravity Forms

Name of the Vulnerable Software and Affected Versions: Gravity Forms plugin for WordPress versions up to, and including, 2.9.1.3 Description: The issue is related to Stored Cross-Site Scripting via the alt parameter due to insufficient input sanitization and output escaping. This allows...

PT-2025-2142 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Gravity Forms plugin for WordPress versions 2.9.0.1 through 2.9.1.3 Description: The issue concerns a Stored Cross-Site Scripting vulnerability via the style settings parameter due to insufficient input sanitization and output escaping. This...

WordPress GravityForms plugin <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'alt' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions = 2.9.1.3...

WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin Multi Uploader for Gravity Forms versions = 1.1.3...

WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Rebrand Fluent Forms versions = 1.0...

WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin WAH Forms versions = 1.0...

CVE-2025-22752

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11...

CVE-2025-22752

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WesternDeal GSheetConnector for Forminator Forms gsheetconnector-forminator allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through = 1.0.12...

CVE-2025-22752 WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11...

CVE-2025-22752 WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WesternDeal GSheetConnector for Forminator Forms gsheetconnector-forminator allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through = 1.0.12...

CVE-2025-22752

The CVE-2025-22752 entry pertains to a WordPress plugin vulnerability: GSheetConnector for Forminator Forms (versions up to and including 1.0.11, with Patchstack noting up to 1.0.12). It is caused by improper neutralization of input during web page generation, enabling a Reflected Cross-Site Scri...

WordPress plugin GSheetConnector for Forminator Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-4673 · Unknown · Gsheetconnector For Forminator Forms

Name of the Vulnerable Software and Affected Versions: GSheetConnector for Forminator Forms versions 1.0.11 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inje...

WordPress PDF for WPForms plugin <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via yeepdfdotab Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin PDF for WPForms versions = 4.6.0...

GHSA-9V8M-QV22-F268 Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

Improper Input Validation

Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Improper Input Validation due to the lack of server-side validation for character limits in short and long answer fields. An attacker can bypass client-side validations and submi...

Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...