8133 matches found
PT-2026-1755
Name of the Vulnerable Software and Affected Versions NEX-Forms WordPress plugin versions prior to 9.1.8 Description The NEX-Forms WordPress plugin does not properly sanitise and escape certain settings. This configuration can allow subscribers to execute Stored Cross-Site Scripting attacks...
WordPress plugin Forminator Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2026-0674
Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor for WordPress: from n/a through 2.9.1...
CVE-2026-0674
CVE-2026-0674 refers to a Missing Authorization vulnerability in Campaign Monitor for WordPress (plugin: forms-for-campaign-monitor). The Wordfence document confirms the affected component and describes exploitation as arising from an incorrectly configured access control, with CVSS 3.1 base scor...
PT-2026-1968
Name of the Vulnerable Software and Affected Versions Campaign Monitor for WordPress versions through 2.9.0 Description A missing authorization issue exists in Campaign Monitor for WordPress forms-for-campaign-monitor, allowing exploitation of incorrectly configured access control security levels...
CVE-2025-13722
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...
CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...
CVE-2025-13722
CVE-2025-13722 affects Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder for WordPress. Wordfence reports Missing Authorization in the fluentform_ai_create_form AJAX action, allowing authenticated attackers with Subscriber+ privileges to create arbitrary forms...
CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...
CVE-2025-13409
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-2108
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes ...
CVE-2024-2030
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2772
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-2771
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...
PT-2026-1605
Name of the Vulnerable Software and Affected Versions Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions through 6.1.7 Description The Fluent Forms plugin for WordPress is affected by a missing authorization issue. Capability check...
WordPress plugin Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 安全漏洞
...
WordPress Fluent Forms plugin <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Form Creation via AI Builder vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin FluentForm versions = 6.1.7...
CVE-2025-13409
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...
CVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...