CVE-2025-34398

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

CVE-2025-67587

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

CVE-2025-62738

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

CVE-2025-62738 WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

CVE-2025-62738

CVE-2025-62738 involves a missing authorization vulnerability in the WordPress plugin Formstack Online Forms (versions n/a through 2.0.2). The issue arises from incorrectly configured access control, enabling unauthorized access. The available connected documents do not provide a remediation or p...

CVE-2025-62738 WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

CVE-2025-67587 WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

CVE-2025-67587 WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

CVE-2025-67587

CVE-2025-67587: Open Redirect in WP Gravity Forms FreshDesk Plugin (gf-freshdesk) up to version 1.3.5. This allows phishing via redirection to untrusted sites. Affected software is the gf-freshdesk component of the Gravity Forms FreshDesk plugin; remediation is to upgrade to a newer-than-1.3.5 re...

CVE-2025-67468 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

CVE-2025-67468

CVE-2025-67468 affects WordPress: the WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin (cf7-salesforce) with versions up to and including 1.4.6. The issue is a Missing Authorization / Broken Access Control vulnerability allowing exploitat...

WordPress plugin Formstack Online Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

PT-2025-49884

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7,...

PT-2025-49961

Name of the Vulnerable Software and Affected Versions WP Gravity Forms FreshDesk Plugin versions through 1.3.5 Description The WP Gravity Forms FreshDesk Plugin contains a URL Redirection to Untrusted Site issue, also known as an 'Open Redirect'. This condition allows for potential phishing...

WordPress plugin WP Gravity Forms FreshDesk Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-50147

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description The software contains a reflected cross-site scripting XSS issue in the Failed parameter of the ''/Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx'' endpoint. The Failed value is not properly...

WordPress plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

PT-2025-50007

Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through = 2.0.2...

WordPress Fluent Forms plugin <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability

Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submissionid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FluentForm versions = 6.1.7...

CVE-2025-13748

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...