CVE-2025-58842 WordPress Donation Forms WP by Givecloud Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in givecloud Donation Forms WP by Givecloud donation-forms-by-givecloud allows Stored XSS.This issue affects Donation Forms WP by Givecloud: from n/a through = 1.0.9...

CVE-2025-58842 WordPress Donation Forms WP by Givecloud Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in givecloud Donation Forms WP by Givecloud donation-forms-by-givecloud allows Stored XSS.This issue affects Donation Forms WP by Givecloud: from n/a through = 1.0.9...

WordPress Donation Forms WP by Givecloud Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Donation Forms WP by Givecloud versions = 1.0.9...

WordPress plugin Donation Forms WP by Givecloud 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Wapiti Web Application Vulnerability Scanner 3.2.5

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

PT-2025-36181

Name of the Vulnerable Software and Affected Versions: givecloud Donation Forms WP by Givecloud versions through 1.0.9 Description: The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting XSS. Recommendations...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to not saving the request parameters in the portlet session. An attacker can exhaust system memory by sending crafted HTTP requests. Details Denial of Service DoS describes a family of attacks, all aimed at...

Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

GHSA-J4FW-4MHR-HC45 Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...

CVE-2025-43772

Kaleo Forms Admin in Liferay Portal (7.0.0–7.4.3.4) and Liferay DXP (7.4 GA, 7.3 GA–update 27) is affected by a DoS due to not restricting saving of request parameters in the portlet session. The root cause is unvalidated/unrestricted storage of request data in memory, enabling remote attackers t...

PT-2025-35865

Name of the Vulnerable Software and Affected Versions: Kaleo Forms Admin in Liferay Portal versions 7.0.0 through 7.4.3.4 Kaleo Forms Admin in Liferay DXP versions 7.3 GA through update 27 Kaleo Forms Admin in Liferay DXP version 7.4 GA Older unsupported versions Description: The application does...

WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Le Cong Danh vodanh in WordPress Plugin Contact Form By Mega Forms versions = 1.6.1...

CVE-2025-58639

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

CVE-2025-58639 WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Mega Forms: from n/a through = 1.6.1...

CVE-2025-58639

CVE-2025-58639 (WordPress) : The vulnerability is in the WordPress plugin Contact Form By Mega Forms , affected versions up to 1.6.1 . The issue is a Missing/Broken Authorization flaw due to incorrectly configured access control, enabling unauthorized actions as described in multiple sources (Pat...

curl: libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms

libcurl canonicalizes numeric IPv4 hostnames during URL parsing and redirect handling example: 127.000.000.001 to 127.0.0.1. When a host-only cookie no Domain= attribute is set, it is stored in the cookie jar with the host string 127.0.0.1. On redirect, even if the Location: contains an alias hos...