
8204 matches found

NVD
added 2025/01/15 4:15 p.m. · 11 views

CVE-2025-22752

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WesternDeal GSheetConnector for Forminator Forms gsheetconnector-forminator allows Reflected XSS. This issue affects GSheetConnector for Forminator Forms: from n/a through <= 1.0.12...

7.1 CVSS · 0.00324 EPSS
Exploits 0 · References 1
Cvelist
added 2025/01/15 3:23 p.m. · 24 views

CVE-2025-22752 WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WesternDeal GSheetConnector for Forminator Forms gsheetconnector-forminator allows Reflected XSS. This issue affects GSheetConnector for Forminator Forms: from n/a through <= 1.0.12...

7.1 CVSS · 0.00324 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/01/15 3:23 p.m. · 13 views

CVE-2025-22752 WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS. This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11...

7.1 CVSS · 7 AI score · 0.00324 EPSS
Exploits 0 · References 1
CVE
added 2025/01/15 3:23 p.m. · 56 views

CVE-2025-22752

The CVE-2025-22752 entry pertains to a WordPress plugin vulnerability: GSheetConnector for Forminator Forms (versions up to and including 1.0.11, with Patchstack noting up to 1.0.12). It is caused by improper neutralization of input during web page generation, enabling a Reflected Cross-Site Scri...

7.1 CVSS · 7.2 AI score · 0.00324 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/01/15 12:0 a.m. · 4 views

WordPress plugin GSheetConnector for Forminator Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1 CVSS · 7.6 AI score · 0.00324 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/15 12:0 a.m. · 5 views

PT-2025-4673 · Unknown · Gsheetconnector For Forminator Forms

Name of the Vulnerable Software and Affected Versions: GSheetConnector for Forminator Forms versions 1.0.11 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inje...

7.1 CVSS · 9.2 AI score · 0.00324 EPSS
Exploits 0 · References 5
Patchstack
added 2025/01/14 11:19 p.m. · 4 views

WordPress PDF for WPForms plugin <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin PDF for WPForms versions <= 4.6.0...

6.4 CVSS · 5.8 AI score · 0.00389 EPSS
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2025/01/14 7:41 p.m. · 2 views

Improper Input Validation

Overview: Umbraco.Forms is a form creator that's as easy to use. Affected versions of this package are vulnerable to Improper Input Validation due to the lack of server-side validation for character limits in short and long answer fields. An attacker can bypass client-side validations and submi...

6.9 CVSS · 6.9 AI score · 0.00363 EPSS
Exploits 0 · References 2
OSV
added 2025/01/14 7:41 p.m. · 5 views

GHSA-9V8M-QV22-F268 Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact: Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches: Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

5.8 CVSS · 6.7 AI score · 0.00363 EPSS
Exploits 0 · References 2
Github Security Blog
added 2025/01/14 7:41 p.m. · 14 views

Umbraco Forms's Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length

Impact: Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. Patches: Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2...

5.8 CVSS · 6.7 AI score · 0.00363 EPSS
Exploits 0 · References 3 · Affected Software 2
Cvelist
added 2025/01/14 6:54 p.m. · 20 views

CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

5.8 CVSS · 0.00363 EPSS
Exploits 0 · References 1
OSV
added 2025/01/14 6:54 p.m. · 4 views

CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade...

5.8 CVSS · 6.8 AI score · 0.00363 EPSS
Exploits 0 · References 3
CVE
added 2025/01/14 6:54 p.m. · 63 views

CVE-2025-23041

Summary of CVE-2025-23041: Umbraco.Forms (NuGet) suffers from server-side input validation risk due to character limit checks being enforced only on the client. The root cause is lack of server-side validation for maximum field length in short and long answer fields. Affected versions have patch...

5.8 CVSS · 5.6 AI score · 0.00363 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2025/01/14 6:40 a.m. · 4 views

WordPress GSheetConnector for Forminator Forms Plugin <= 1.0.12 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin GSheetConnector for Forminator Forms versions <= 1.0.12...

7.1 CVSS · 6.1 AI score · 0.00324 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2025/01/14 12:0 a.m. · 4 views

Umbraco Forms input validation error vulnerability

Umbraco Forms is a form builder. An input validation error vulnerability exists in Umbraco Forms that stems from character limits on short and long answer fields being validated client-side only, which could lead to a data injection attack...

5.8 CVSS · 6.7 AI score · 0.00363 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/01/14 12:0 a.m. · 6 views

PT-2025-4787 · Umbraco · Umbraco Forms

Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16; Umbraco.Forms versions prior to 10.5.7; Umbraco.Forms versions prior to 13.2.2; Umbraco.Forms versions prior to 14.1.2. Description: The character limits configured by editors for short and long answer...

5.8 CVSS · 7.2 AI score · 0.00363 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/01/11 12:0 a.m. · 9 views

PT-2025-1974 · Givewp · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to 3.19.2. Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input from the donation form, such as the firstName field...

9.8 CVSS · 9.9 AI score · 0.01246 EPSS
Exploits 1 · References 10
NVD
added 2025/01/09 4:16 p.m. · 8 views

CVE-2025-22813

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot conversational-forms allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through <= 1.4.2...

6.5 CVSS · 0.00221 EPSS
Exploits 0 · References 1
NVD
added 2025/01/09 4:16 p.m. · 5 views

CVE-2025-22295

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and...

7.1 CVSS · 0.00363 EPSS
Exploits 0 · References 1
CVE
added 2025/01/09 3:39 p.m. · 81 views

CVE-2025-22504

CVE-2025-22504 involves the 4ECPS Web Forms plugin. It is an Unrestricted Upload of File with Dangerous Type vulnerability that permits uploading a web shell to the server. Public details indicate affected software: 4ECPS Web Forms versions from unspecified start to 0.2.18. The CVE is linked to a...

10 CVSS · 7.2 AI score · 0.00468 EPSS
Exploits 0 · References 1