MAL-2026-758 Malicious code in tailwindcss-forms-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91e47d3466ef7beca3f6d4cc16c77c91c52a3d29dbbe4d484fcf3e2397f18d2c The package tailwindcss-forms-starter was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview tailwindcss-forms-starter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in tailwindcss-forms-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91e47d3466ef7beca3f6d4cc16c77c91c52a3d29dbbe4d484fcf3e2397f18d2c The package tailwindcss-forms-starter was found to contain malicious code. Source: ghsa-malware...

CVE-2026-24985

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin NEX-Forms versions = 9.1.7...

WordPress WPForms Google Sheet Connector plugin <= 4.0.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Denver Jackson in WordPress Plugin WPForms Google Sheet Connector versions = 4.0.1...

CVE-2020-37091

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

CVE-2026-24985

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability

Missing Authorization via getformfields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...

CVE-2026-24985

The CVE-2026-24985 entry describes a Missing Authorization/Broken Access Control vulnerability in the approveme WP Forms Signature Contract Add-On for WordPress, affecting versions up to and including 1.8.2. The issue stems from incorrectly configured access control security levels, enabling unau...

EUVD-2026-5243

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

CVE-2026-24985

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via restorerecords vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via setstarred vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

Malicious code in tailwindcss-forms-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c160bdf4857d48ea8df8ddf468e5a63432a60ced853eff31cbc5093966a044f The package tailwindcss-forms-kit was found to contain malicious code. Source: ghsa-malware...

MAL-2026-693 Malicious code in tailwindcss-forms-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c160bdf4857d48ea8df8ddf468e5a63432a60ced853eff31cbc5093966a044f The package tailwindcss-forms-kit was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview tailwindcss-forms-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2026-1065

The CVE concerns the WordPress Form Maker by 10Web plugin (versions through 1.15.35). The vulnerability is a Stored Cross-Site Scripting flaw caused by an allowlist that permits SVG uploads combined with weak substring-based extension validation, enabling unauthenticated attackers to upload malic...

PT-2026-6233

Name of the Vulnerable Software and Affected Versions approveme WP Forms Signature Contract Add-On versions through 1.8.2 Description The WP Forms Signature Contract Add-On contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access...

CVE-2025-15510

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...