CVE-2024-13470

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

WordPress Ninja Forms plugin <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Ninja Forms versions = 3.8.24...

CVE-2024-13470

CVE-2024-13470 affects Ninja Forms – The Contact Form Builder That Grows With You (WordPress) and is vulnerable in all versions up to 3.8.24 due to insufficient input sanitization and output escaping on shortcode attributes. This enables a stored cross-site scripting (XSS) payload by authenticate...

CVE-2024-13470 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVE-2024-13470 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

WordPress plugin Ninja Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-2186 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.24 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcode due to insufficient input...

org.apache.cocoon:cocoon-apples-sample (=2.3.0), org.apache.cocoon:cocoon-dist-samples (=2.3.0) +8 more potentially affected by CVE-2025-24783 via org.apache.cocoon:cocoon-forms-impl (=2.3.0)

org.apache.cocoon:cocoon-forms-impl MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cocoon:cocoon-forms-impl and may be impacted: - org.apache.cocoon:cocoon-apples-sample =2.3.0 - org.apache.cocoon:cocoon-dist-samples...

CVE-2025-24708

CVE-2025-24708 is a reflected XSS in the WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin. Affected versions are up to 1.1.6. Root cause: improper input neutralization during web page generation. The CVE entry is present in multiple feeds; Patch status ind...

WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Abdi Pranata in WordPress Plugin WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.6...

PT-2025-5522 · Unknown · Dynamics Crm

Name of the Vulnerable Software and Affected Versions: WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions 1.1.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected...

CVE-2025-23921

Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through = 1.1.3...

CVE-2025-23921 WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through = 1.1.3...

CVE-2025-23921 WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through = 1.1.3...

CVE-2025-23921

The vulnerability CVE-2025-23921 affects the WordPress plugin Multi Uploader for Gravity Forms (notFound) and is described as Unrestricted Upload of File with Dangerous Type, enabling uploading a web shell to the web server. Public details indicate the issue affects versions from an unspecified s...

WordPress plugin AI Power 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin Multi Uploader for Gravity Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVE-2024-54795

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting XSS vulnerabilities in the create/edit forms of the worksheet designer function...

CVE-2025-22727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through = 4.1...

CVE-2025-22727 WordPress MailChimp Subscribe Form plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps MailChimp Subscribe Forms mailchimp-subscribe-sm allows Stored XSS.This issue affects MailChimp Subscribe Forms : from n/a through = 4.1...