8091 matches found
CVE-2026-2899
CVE-2026-2899 affects the Fluent Forms Pro Add On Pack for WordPress up to version 6.1.17. The root cause is Missing Authorization in the Uploader::deleteFile() path, due to lack of nonce verification and capability checks. The AJAX action is registered via addPublicAjaxAction(), creating both wp...
CVE-2026-2899 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...
CVE-2026-2365
CVE-2026-2365 affects the Fluent Forms Pro WordPress plugin (versions up to and including 6.1.17). The vulnerability is Stored Cross-Site Scripting via the fluentform_step_form_save_data AJAX action, arising from a publicly accessible draft form submission endpoint without authentication or nonce...
CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission
The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...
CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission
The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...
PT-2026-23447
Name of the Vulnerable Software and Affected Versions The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.7 Description The plugin is susceptible to PHP Object Injection due to deserialization of untrusted input within the download csv...
WordPress plugin Database for Contact Form 7, WPforms, Elementor forms 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
WordPress plugin Fluent Forms Pro 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-23129
Name of the Vulnerable Software and Affected Versions Fluent Forms Pro versions up to and including 6.1.17 Description The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint...
PT-2026-23130
Name of the Vulnerable Software and Affected Versions Fluent Forms Pro Add On Pack versions up to and including 6.1.17 Description The Fluent Forms Pro Add On Pack plugin for WordPress has a missing authorization issue. The deleteFile method within the Uploader class does not properly verify nonc...
WordPress plugin Fluent Forms Pro Add On Pack 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2026-9389
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
CVE-2026-1674
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
CVE-2026-1674
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
CVE-2026-1674 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
CVE-2026-1674
CVE-2026-1674 affects Gutena Forms for WordPress (all versions
CVE-2026-1674 Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema()
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...
PT-2026-22899
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the save gutena forms schema function in all versions up to, and including, 1.6.0. This...
WordPress plugin Gutena Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability
WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin = 1.6.0 - Authenticated Contributor+ Limited Options Update in savegutenaformsschema vulnerability discovered by Youssef Elouaer in WordPress Plugin Gutena Forms – Contact Form, Survey...