CVE-2024-34380

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0...

CVE-2024-39643

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1...

CVE-2023-49170

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in captainform Forms by CaptainForm – Form Builder for WordPress allows Reflected XSS.This issue affects Forms by CaptainForm – Form Builder for WordPress: from n/a through 2.5.3...

CVE-2023-4404

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

CVE-2021-31453

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-31450

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2025-23921

Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through = 1.1.3...

CVE-2022-31040

Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a referer querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a...

CVE-2022-0888

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious file...

CVE-2020-10907

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Web-Application-Vulnerability-Scanner

Web-Application-Vulnerability-Scanner Web Application Vulnerab...

CVE-2025-14782 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listenforcsvexport' function. This is due to the plugin not properly verifying that a user is authorized to...

CVE-2025-14782

CVE-2025-14782 details from Wordfence confirm a direct authorization bypass in the Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress. The issue affects all versions up to and including 1.49.1 and arises from missing authorization checks in the listen_for_csv...

CVE-2025-14782 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listenforcsvexport' function. This is due to the plugin not properly verifying that a user is authorized to...

CVE-2025-14803

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

CVE-2025-14803

CVE-2025-14803 concerns the Nex-Forms WordPress plugin, affected up to version 9.1.8. The issue arises from inadequate sanitization/escaping of certain settings, enabling stored XSS when configured in a specific way. Public Red Hat and CIRCL entries corroborate the same description. Red Hat notes...

CVE-2025-14803 Nex-Forms Express WP Form Builder < 9.1.8 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

CVE-2025-14803 Nex-Forms Express WP Form Builder < 9.1.8 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

PT-2026-1754

Name of the Vulnerable Software and Affected Versions Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to and including 1.49.1 Description The Forminator Forms plugin is susceptible to authorization bypass. This occurs because the plugin does no...

WordPress plugin NEX-Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...