CVE-2025-6782

CVE-2025-6782 : GoZen Forms (WordPress) up to version 1.1.5 is vulnerable to unauthenticated SQL Injection through the dirGZActiveForm() function via the forms-id parameter. The root cause is insufficient escaping and lack of proper SQL query preparation, enabling an attacker to append additional...

CVE-2025-6783

CVE-2025-6783 (GoZen Forms, WordPress) is an unauthenticated SQL injection in the GoZen Forms plugin for WordPress (versions

CVE-2025-6783 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

CVE-2025-6783 GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

WordPress plugin GoZen Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin GoZen Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

PT-2025-27852 · WordPress · Gozen Forms

Name of the Vulnerable Software and Affected Versions: GoZen Forms plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows unauthenticated attackers to perform SQL Injection via the forms-id parameter of the emdedSc function due to insufficient escaping on the...

PT-2025-27851 · WordPress · Gozen Forms

Name of the Vulnerable Software and Affected Versions: GoZen Forms plugin for WordPress versions prior to 1.1.5 Description: The issue allows for SQL Injection due to insufficient escaping on the forms-id parameter of the dirGZActiveForm function and lack of sufficient preparation on the existing...

CVE-2025-6464

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...

CVE-2025-6464

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...

CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...

CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...

CVE-2025-6463

The CVE-2025-6463 affects the WordPress Forminator Forms plugin (Contact/Payment/Custom Form Builder) versioned up to and including 1.44.2. The vulnerability arises from insufficient validation in entry_delete_upload_files, allowing unauthenticated attackers to inject arbitrary file paths into a ...

CVE-2025-6463 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entrydeleteuploadfiles' function in all versions up to, and including, 1.44.2. This makes it possible for...

CVE-2025-6463 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entrydeleteuploadfiles' function in all versions up to, and including, 1.44.2. This makes it possible for...

WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability

WordPress Everest Forms - Frontend Listing plugin = 1.0.5 - PHP Object Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Everest Forms - Frontend Listing versions = 1.0.5...

WordPress plugin Forminator Forms 问题漏洞

WordPress Forminator Forms is a powerful free form builder plugin that supports the creation of many types of interactive forms. WordPress Forminator Forms suffers from a code issue vulnerability that stems from deserializing untrusted inputs in the function entrydeleteuploadfiles, which can be...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-27602 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.44.2 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the entry...

WordPress Everest Forms Plugin <= 3.2.2 is vulnerable to PHP Object Injection

Software Everest Forms Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52709 Patch priority High CVSS severity High 9.8 Developer Everest Forms PSID ed6f018dd59f Credits Phat RiO - BlueRock Required privilege...