8064 matches found
EUVD-2026-30176
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...
CVE-2020-37217
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=adduser endpoint with POST requests...
Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share
None...
CVE-2026-6828
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...
CVE-2026-6828
Fluent Forms for WordPress (versions
EUVD-2026-29897
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...
CVE-2026-6828 Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...
CVE-2026-6828 Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...
CVE-2026-6828
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...
PT-2026-40618
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add user endpoint with POST requests...
WordPress plugin Fluent Forms 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-40561
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permission message' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escapin...
Ninja Forms Uploads - Unauthenticated PHP File Upload
Exploit Title: Ninja Forms Uploads - Unauthenticated PHP File Upload Date: 2026-04-09 Exploit Author: Sélim Lanouar @whattheslime Vendor Homepage: https://ninjaforms.com/ Software Link: https://ninjaforms.com/extensions/file-uploads/ Version: 3.3.24 Tested on: WordPress 6.9.3 on Apache and Nginx...
CVE-2026-34686 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
EUVD-2026-29450
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
CVE-2026-42742
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...
CVE-2026-42741
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
CVE-2026-42741
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views - Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views - Display & Edit Ninja...
CVE-2026-42741
Technical details about CVE-2026-42741 are not publicly available in the provided documents; monitor for updates.