8134 matches found
CVE-2025-8593
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'installplugin' function. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2025-10185
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-8593
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'installplugin' function. This makes it possible for authenticated attackers, with subscriber-level access...
EUVD-2025-33815
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-8606 GSheetConnector For Gravity Forms <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...
CVE-2025-8606
The vulnerability CVE-2025-8606 affects the WordPress plugin GSheetConnector For Gravity Forms (versions
CVE-2025-8593
CVE-2025-8593 affects the GSheetConnector For Gravity Forms WordPress plugin, with versions
CVE-2025-8593 GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'installplugin' function. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2025-10185
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-10185
CVE-2025-10185 affects NEX-Forms – Ultimate Forms Plugin for WordPress, where an SQL Injection is possible via the orderby parameter in the nf_load_form_entries action. Affected versions are up to 9.1.6. Exploitation requires Administrator+ privileges, but could be exposed to lower-privilege user...
WordPress plugin GSheetConnector For Gravity Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin GSheetConnector For Gravity Forms 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
PT-2025-41678
Name of the Vulnerable Software and Affected Versions GSheetConnector For Gravity Forms plugin for WordPress versions prior to 1.3.24 Description The software is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the activate plugin and deactivate plugin functions. Th...
WordPress plugin NEX-Forms – Ultimate Forms Plugin for WordPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...
PT-2025-41642
Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.6 Description The software is susceptible to SQL Injection through the orderby parameter within the nf load form entries action. Insufficient input sanitization and inadequat...
PT-2025-41677
Name of the Vulnerable Software and Affected Versions GSheetConnector For Gravity Forms plugin for WordPress versions prior to 1.3.28 Description The GSheetConnector For Gravity Forms plugin for WordPress is susceptible to an authorization bypass. This occurs because of a missing capability check...
WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.6 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by dutafi in WordPress Plugin NEX-Forms versions = 9.1.6...
CVE-2025-11437
A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...