
8134 matches found

CVE
added 2025/10/22 2:32 p.m. | 6 views

CVE-2025-60151

CVE-2025-60151 is an Open Redirect vulnerability in the WP Gravity Forms HubSpot plugin (gf-hubspot) for WordPress, affecting versions up to and including 1.2.5. The issue allows a URL redirection to an untrusted site, supporting phishing scenarios as described in multiple sources (NVD/Red Hat/EU...

CVSS 4.7 | AI score 6.5 | EPSS 0.00029
Exploits: 0 | References: 1
CVE
added 2025/10/22 2:32 p.m. | 6 views

CVE-2025-58966

CVE-2025-58966 affects the WordPress plugin NEX-Forms LITE (Basix NEX-Forms LITE, nex-forms-lite) and is described as a Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. The CVE entry indicates the issue is a Reflected XSS affecting NEX-F...

CVSS 7.1 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1
Cvelist
added 2025/10/22 2:32 p.m. | 10 views

CVE-2025-58966 WordPress NEX-Forms LITE plugin < 8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS. This issue affects NEX-Forms LITE: from n/a through 8.2...

CVSS 7.1 | EPSS 0.0003
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/22 2:32 p.m. | 3 views

CVE-2025-58966 WordPress NEX-Forms LITE plugin < 8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS. This issue affects NEX-Forms LITE: from n/a through 8.2...

CVSS 7.1 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 1 views

WordPress plugin Everest Forms - Frontend Listing Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 9.8 | AI score 5.8 | EPSS 0.00097
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin Connector for Gravity Forms and Google Sheets Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A security vulnerabilit...

CVSS 9.8 | AI score 6.6 | EPSS 0.00097
Exploits: 0 | References: 1
CNNVD
added 2025/10/22 12:0 a.m. | 2 views

WordPress plugin NEX-Forms LITE Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/22 12:0 a.m. | 1 views

PT-2025-43279

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms LITE versions prior to 8.2. Description: A flaw exists in Basix NEX-Forms LITE that allows for Reflected Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerabilit...

CVSS 7.1 | AI score 6.2 | EPSS 0.0003
Exploits: 0 | References: 4
CNNVD
added 2025/10/22 12:0 a.m. | 3 views

WordPress plugin WP Gravity Forms HubSpot Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.7 | AI score 6.4 | EPSS 0.00029
Exploits: 0 | References: 1
Patchstack
added 2025/10/21 11:0 a.m. | 6 views

WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.8 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms Zoho CRM and Bigin (versions <= 1.2.8)...

CVSS 4.7 | AI score 7 | EPSS 0.00032
Exploits: 0 | Affected Software: 1
CISA
added 2025/10/15 12:0 p.m. | 8 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber...

CVSS 10 | AI score 7.2 | EPSS 0.24192
In wild | Exploits: 7 | References: 6
CISA KEV Catalog
added 2025/10/15 12:0 a.m. | 18 views

Adobe Experience Manager Forms Code Execution Vulnerability

Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution...

CVSS 10 | AI score 7.8 | EPSS 0.24192
In wild | Exploits: 7
NVD
added 2025/10/14 10:15 p.m. | 2 views

CVE-2025-61797

Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

CVSS 5.4 | EPSS 0.00026
Exploits: 0 | References: 1
Github Security Blog
added 2025/10/14 9:30 p.m. | 5 views

Magento vulnerable to stored Cross-Site Scripting (XSS)

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

CVSS 8.1 | AI score 5.7 | EPSS 0.00214
Exploits: 0 | References: 3 | Affected Software: 2
Vulnrichment
added 2025/10/14 8:27 p.m. | 2 views

CVE-2025-54264 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields...

CVSS 8.1 | AI score 5.2 | EPSS 0.00214
Exploits: 0 | References: 1
Packet Storm News
added 2025/10/14 12:0 a.m. | 3 views

Wapiti Web Application Vulnerability Scanner 3.2.7

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

AI score 7
Exploits: 0
Packet Storm News
added 2025/10/14 12:0 a.m. | 4 views

Wapiti Web Application Vulnerability Scanner 3.2.7 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

AI score 7.2
Exploits: 0
Patchstack
added 2025/10/13 11:40 a.m. | 4 views

WordPress GSheetConnector For Gravity Forms plugin <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation vulnerability

Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation vulnerability discovered by wesley wcraft in WordPress Plugin Gravity Forms Google Sheet Connector (versions <= 1.3.23)...

CVSS 2.4 | AI score 6.9 | EPSS 0.00016
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/10/13 11:28 a.m. | 6 views

WordPress GSheetConnector For Gravity Forms plugin <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin Gravity Forms Google Sheet Connector (versions <= 1.3.27)...

CVSS 8.8 | AI score 6.9 | EPSS 0.00111
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/10/12 10:5 a.m. | 11 views

CVE-2025-8606

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...

CVSS 2.4 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 1