CVE-2025-64515

Open Forms (Open Formulieren) is affected prior to versions 3.2.7 and 3.3.3 where prefill data fields that are dynamically set to readonly/disabled could be tampered with by malicious users. The underlying issue is that these fields can be modified despite a UI restriction, enabling data tamperin...

WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms FreshDesk Plugin versions = 1.3.5...

CVE-2025-12528

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

EUVD-2025-197948

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

CVE-2025-12528

CVE-2025-12528 concerns the Pie Forms for WP WordPress plugin (versions &lt;= 1.6). The issue is an Arbitrary File Upload due to insufficient file-type validation: validate_classic checks extensions but does not stop the upload, enabling unauthenticated attackers to upload dangerous extensions (e...

CVE-2025-12528 Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

CVE-2025-12528 Pie Forms for WP <= 1.6 - Unauthenticated Arbitrary File Upload

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the formatclassic function. This is due to insufficient file type validation where the validateclassic method validates file extensions and sets error messages but does n...

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVE-2025-12974 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVE-2025-12974 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVE-2025-12974

CVE-2025-12974 (Gravity Forms, WordPress) : Unauthenticated arbitrary file upload via the legacy chunked upload mechanism. The extension blacklist misses .phar, allowing an attacker to upload a PHAR file and, if the webserver treats PHARs as PHP, potentially achieve remote code execution. Affecte...

PT-2025-47259

Name of the Vulnerable Software and Affected Versions Pie Forms for WP plugin for WordPress versions prior to 1.7 Description The Pie Forms for WP plugin for WordPress is susceptible to an Arbitrary File Upload issue through the format classic function. Insufficient file type validation within th...

PT-2025-47415

Name of the Vulnerable Software and Affected Versions Open Forms versions prior to 3.2.7 Open Forms versions prior to 3.3.3 Description Open Forms enables users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms with prefill data fields dynamically set to readonly or...

WordPress Popup addon for Ninja Forms plugin cross-site scripting vulnerability

WordPress Popup addon for Ninja Forms plugin is a WordPress form plugin that supports the creation of contact forms, signup forms and more. Its Popup/Modal plugin generates informational or promotional popups for email subscriptions, login signups, and other scenarios. A cross-site scripting...

WordPress plugin Pie Forms for WP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress plugin Gravity Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

PT-2025-47239

Name of the Vulnerable Software and Affected Versions Gravity Forms versions prior to 2.9.22 Description The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the legacy chunked upload mechanism. The extension blacklist...

Open Forms 输入验证错误漏洞

Open Forms is a smart dynamic form from Open Formulieren open source. It is used to quickly create powerful and intelligent forms exposed via API. An input validation error vulnerability exists in Open Forms versions prior to 3.2.7 and prior to 3.3.3, which stems from a pre-filled data field that...