8175 matches found

NVD
added 2025/01/07 11:15 a.m. · 2 views

CVE-2024-51651

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through <= 1.1.10...

CVSS 5.3 · EPSS 0.00358
Exploits: 0 · References: 1

Cvelist
added 2025/01/07 11:11 a.m. · 11 views

CVE-2024-11826 Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including...

CVSS 6.4 · EPSS 0.00265
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/07 11:11 a.m. · 8 views

CVE-2024-11826 Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including...

CVSS 6.4 · AI score 6.3 · EPSS 0.00265
Exploits: 0 · References: 2

CVE
added 2025/01/07 11:11 a.m. · 46 views

CVE-2024-11826

The CVE-2024-11826 entry refers to the Quill Forms WordPress plugin, where a Stored Cross-Site Scripting vulnerability exists in the quillforms-popup shortcode for all versions up to and including 3.10.0. Exploitation requires authenticated access at contributor level or higher, with the attacker...

CVSS 6.4 · AI score 5.8 · EPSS 0.00265
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2025/01/07 10:49 a.m. · 38 views

CVE-2024-51651

CVE-2024-51651 is a Missing Authorization issue in CubeWP Forms – All-in-One Form Builder. Affected versions: 1.1.5 and earlier. CVSS v3.1 base score 5.3 (NETWORK, LOW complexity, PRIV:S NONE, UI: NONE). Impact per sources is limited to an incorrect access-control configuration; exploitation deta...

CVSS 5.3 · AI score 7.2 · EPSS 0.00358
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/07 10:49 a.m. · 5 views

CVE-2024-51651 WordPress CubeWP Forms plugin <= 1.1.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through <= 1.1.10...

CVSS 5.3 · AI score 7.2 · EPSS 0.00358
Exploits: 0 · References: 1

Cvelist
added 2025/01/07 10:49 a.m. · 14 views

CVE-2024-51651 WordPress CubeWP Forms plugin <= 1.1.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through <= 1.1.10...

CVSS 5.3 · EPSS 0.00358
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/07 10:48 a.m. · 21 views

CVE-2025-22347 WordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Blind SQL Injection. This issue affects BSK Forms Blacklist: from n/a through <= 3.9...

CVSS 8.2 · AI score 7.3 · EPSS 0.00187
Exploits: 0 · References: 1

CVE
added 2025/01/07 10:48 a.m. · 54 views

CVE-2025-22347

CVE-2025-22347 describes a Cross-Site Request Forgery that enables Blind SQL Injection in the BSK Forms Blacklist plugin for BannerSky.com, affecting versions up to 3.9. The Red Hat advisory corroborates the CSRF/SQL-injection pattern for this plugin family, noting the vulnerability context as Au...

CVSS 8.2 · AI score 7.3 · EPSS 0.00187
Exploits: 0 · References: 1

Cvelist
added 2025/01/07 10:48 a.m. · 17 views

CVE-2025-22347 WordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Blind SQL Injection. This issue affects BSK Forms Blacklist: from n/a through <= 3.9...

CVSS 8.2 · EPSS 0.00187
Exploits: 0 · References: 1

CNNVD
added 2025/01/07 12:0 a.m. · 2 views

WordPress plugin Quill Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 7.6 · EPSS 0.00265
Exploits: 0 · References: 3

CNNVD
added 2025/01/07 12:0 a.m. · 3 views

WordPress plugin CubeWP Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 · AI score 8.1 · EPSS 0.00358
Exploits: 0 · References: 1

CNNVD
added 2025/01/07 12:0 a.m. · 1 views

WordPress plugin BSK Forms Blacklist cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 8.2 · AI score 8.2 · EPSS 0.00187
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/07 12:0 a.m. · 3 views

PT-2025-4461 · Unknown · Bsk Forms Blacklist

Name of the Vulnerable Software and Affected Versions: BSK Forms Blacklist versions n/a through 3.9
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Blind SQL Injection. This means an attacker can trick a user into performing unintended actions on a...

CVSS 8.2 · AI score 9.8 · EPSS 0.00187
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-2906 · Unknown · Cubewp Forms

Name of the Vulnerable Software and Affected Versions: CubeWP Forms – All-in-One Form Builder versions 1.1.5 and earlier
Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can lead to...

CVSS 5.3 · AI score 6.9 · EPSS 0.00358
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-1696 · WordPress · Quill Forms

Name of the Vulnerable Software and Affected Versions: Quill Forms plugin for WordPress versions up to, and including, 3.10.0
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode due to insufficient input sanitization and output escaping o...

CVSS 6.4 · AI score 7.8 · EPSS 0.00265
Exploits: 0 · References: 7

Patchstack
added 2025/01/06 1:17 p.m. · 3 views

WordPress CubeWP Forms plugin <= 1.1.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by hunter85 in WordPress Plugin CubeWP Forms versions <= 1.1.10...

CVSS 5.3 · AI score 7 · EPSS 0.00358
Exploits: 0 · Affected Software: 1

OSV
added 2025/01/04 5:15 p.m. · 3 views

CVE-2025-0213

A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/updateforms.php?action=changepic2&id=4. The manipulation of the argument file leads to unrestricted upload. The attack can be initiate...

CVSS 9.8 · AI score 5.6 · EPSS 0.00494
Exploits: 1 · References: 5

CNNVD
added 2025/01/04 12:0 a.m. · 3 views

Campcodes Project Management System code issue vulnerability

Campcodes Project Management System is a project management system from Campcodes, Inc. A code issue vulnerability exists in Campcodes Project Management System version 1.0, which stems from the parameter file in the file /forms/updateforms.php?action=changepic2&id=4 that can lead to unrestricted...

CVSS 9.8 · AI score 6.6 · EPSS 0.00494
Exploits: 1 · References: 5

Positive Technologies
added 2025/01/04 12:0 a.m. · 4 views

PT-2025-3785 · Unknown · Campcodes Project Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Project Management System version 1.0 Description: A critical issue has been found in the code of the file /forms/update forms.php?action=change pic2&id=4, allowing for unrestricted upload due to the manipulation of the argument fil...

CVSS 9.8 · AI score 6.7 · EPSS 0.00494
Exploits: 1 · References: 11