CVE-2025-13159

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

CVE-2025-13136 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2025-13136

CVE-2025-13136 affects the WordPress plugin GSheetConnector For Ninja Forms (

CVE-2025-13136 GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure

The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level...

WordPress GSheetConnector For Ninja Forms plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ System Information Exposure vulnerability discovered by Bhayanak Atma in WordPress Plugin Ninja Forms Google Sheet Connector versions = 2.0.1...

WordPress plugin GSheetConnector For Ninja Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2025-198392

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

CVE-2025-13159

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

CVE-2025-13159

Flo Forms – Easy Drag & Drop Form Builder for WordPress (≤ v1.0.43) is affected by an unauthenticated stored XSS via SVG uploads. The vulnerability arises from accepting SVG uploads through the flo_form_submit endpoint without proper content validation, enabling attackers to place JavaScript in S...

CVE-2025-13159 Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

The Star Product of Uniformly Random Codes

We consider the problem of determining the expected dimension of the star product of two uniformly random linear codes that are not necessarily of the same dimension. We achieve this by establishing a correspondence between the star product and the evaluation of bilinear forms, which we use to...

PT-2025-47702

Name of the Vulnerable Software and Affected Versions Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to and including 1.0.43 Description The Flo Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin permits SVG fi...

WordPress plugin Flo Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

CVE-2025-12528

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVE-2025-64515

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

CVE-2025-64515 Open Forms prefill data in read-only components can be tampered

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

CVE-2025-64515 Open Forms prefill data in read-only components can be tampered

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

CVE-2025-64515 Open Forms prefill data in read-only components can be tampered

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

EUVD-2025-198098

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...