WordPress Store Locator Plus® – Gravity Forms Locations plugin < 5.9.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Store Locator Plus® – Gravity Forms Locations plugin versions 5.9.1. Solution Update the WordPress Store Locator Plus® – Gravity Forms Locations plugin to the latest available version at least 5.9.1...

WordPress Gravity Forms Sticky List plugin <= 1.5.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Gravity Forms Sticky List plugin versions = 1.5.2. Solution No patched version available...

WordPress Forms to Sheets plugin <= 2.1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Forms to Sheets plugin versions = 2.1.1. Solution No patched version available...

WordPress "Any Popup – Popup Forms, Optins & Ads" plugin <= 1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress "Any Popup – Popup Forms, Optins & Ads" plugin versions = 1.0. Solution No patched version available...

WordPress Multi Page Auto Advance for Gravity Forms plugin <= 4.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Multi Page Auto Advance for Gravity Forms plugin versions = 4.2. Solution Update the WordPress Multi Page Auto Advance for Gravity Forms plugin to the latest available version at least 4.3...

WordPress Contact Form 7 Multi-Step Forms plugin < 4.1.91 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 Multi-Step Forms plugin versions 4.1.91. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 4.1.91...

WordPress Automizy Gravity Forms plugin <= 1.0.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Automizy Gravity Forms plugin versions = 1.0.3. Solution No patched version available...

WordPress Block Styler For Gravity Forms plugin <= 5.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Block Styler For Gravity Forms plugin versions = 5.0.0. Solution No patched version available...

WordPress Forms to Sendinblue plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Forms to Sendinblue plugin versions = 1.0.1. Solution No patched version available...

WordPress Ninja Forms Google Sheet Connector plugin < 1.2.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Ninja Forms Google Sheet Connector plugin versions 1.2.2. Solution Update the WordPress Ninja Forms Google Sheet Connector plugin to the latest available version at least 1.2.2...

WordPress Multi Page Auto Advance for Gravity Forms plugin <= 4.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Multi Page Auto Advance for Gravity Forms plugin versions = 4.2. Solution Update the WordPress Multi Page Auto Advance for Gravity Forms plugin to the latest available version at least 4.3...

WordPress Forms to Klaviyo plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Forms to Klaviyo plugin versions = 1.0.0. Solution No patched version available...

WordPress Emails Blacklist for Everest Forms plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Emails Blacklist for Everest Forms plugin versions = 1.0.1. Solution Update the WordPress Emails Blacklist for Everest Forms plugin to the latest available version at least 1.0.2...

WordPress Emails Blacklist for Everest Forms plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Emails Blacklist for Everest Forms plugin versions = 1.0.1. Solution Update the WordPress Emails Blacklist for Everest Forms plugin to the latest available version at least 1.0.2...

WordPress Ninja Forms Google Sheet Connector plugin < 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Ninja Forms Google Sheet Connector plugin versions 1.2.2. Solution Update the WordPress Ninja Forms Google Sheet Connector plugin to the latest available version at least 1.2.2...

WordPress SV Gravity Forms Enhancer plugin <= 1.4.05 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress SV Gravity Forms Enhancer plugin versions = 1.4.05. Solution Update the WordPress SV Gravity Forms Enhancer plugin to the latest available version at least 1.8.00...

WordPress SV Gravity Forms Enhancer plugin <= 1.4.05 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress SV Gravity Forms Enhancer plugin versions = 1.4.05. Solution Update the WordPress SV Gravity Forms Enhancer plugin to the latest available version at least 1.8.00...

EUVD-2022-15747

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the siteurl parameter found in the /assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a...

CVE-2021-25100

The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...

CVE-2021-25100 Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard

The GiveWP WordPress plugin before 2.17.3 does not escape the s parameter before outputting it back in an attribute in the Donation Forms dashboard, leading to a Reflected Cross-Site Scripting...