PT-2025-4652 · Unknown · Pluginops Mailchimp Subscribe Forms

Name of the Vulnerable Software and Affected Versions: PluginOps MailChimp Subscribe Forms versions prior to 4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means an attacker can inject...

WordPress plugin MailChimp Subscribe Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-54795

CVE-2024-54795 affects the open‑source BI suite SpagoBI v3.5.1 and earlier . Multiple stored XSS vulnerabilities exist in the worksheet designer’s create/edit forms. Exploitation requires user interaction and sufficient permissions to access the worksheet designer, enabling an attacker to inject ...

WordPress Import Excel to Gravity Forms Plugin <= 1.18 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin Import Excel to Gravity Forms versions = 1.18...

CVE-2024-13377

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2024-13378

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘stylesettings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-13378 GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘stylesettings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-13378 GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘stylesettings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-13378

CVE-2024-13378 (Gravity Forms, WordPress) : Stored Cross-Site Scripting via the style_settings parameter in Gravity Forms versions 2.9.0.1–2.9.1.3 due to insufficient input sanitization and output escaping. Vulnerability allows unauthenticated attackers to inject scripts that execute when a user ...

CVE-2024-13377 GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2024-13377

The CVE-2024-13377 entry refers to the Gravity Forms plugin for WordPress, vulnerable to a Stored Cross-Site Scripting (Stored XSS) via the alt parameter in all versions up to and including 2.9.1.3. The underlying cause is insufficient input sanitization and output escaping, enabling unauthentica...

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

PT-2025-2141 · WordPress · Gravity Forms

Name of the Vulnerable Software and Affected Versions: Gravity Forms plugin for WordPress versions up to, and including, 2.9.1.3 Description: The issue is related to Stored Cross-Site Scripting via the alt parameter due to insufficient input sanitization and output escaping. This allows...

PT-2025-2142 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Gravity Forms plugin for WordPress versions 2.9.0.1 through 2.9.1.3 Description: The issue concerns a Stored Cross-Site Scripting vulnerability via the style settings parameter due to insufficient input sanitization and output escaping. This...

WordPress GravityForms plugin <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'alt' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions = 2.9.1.3...

WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin Multi Uploader for Gravity Forms versions = 1.1.3...

WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Rebrand Fluent Forms versions = 1.0...

WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin WAH Forms versions = 1.0...

CVE-2025-22752

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11...