CVE-2026-24363 WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WPEstimationForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.3.0...

CVE-2026-24363

CVE-2026-24363 is tied to the WordPress plugin WP Cost Estimation & Payment Forms Builder (component: WP_Estimation_Form). The vulnerability arises from incorrectly configured access control security levels in the form component, effectively causing a Missing Authorization/Broken Access Control i...

CVE-2026-24363 WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WPEstimationForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.3.0...

CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVE-2026-24750

Kiteworks Secure Data Forms (before v9.2.1) is affected by an Stored XSS in the web-page generation step when modifying forms, caused by improper input neutralization. An authenticated attacker can exploit this with access to form modification flows. A patch is available in version 9.2.1 and late...

EUVD-2026-15455

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

Exploit for CVE-2026-3584

CVE-2026-3584 – WordPress Kali Forms 10000 e 'PHP Version'...

PT-2026-28041

Name of the Vulnerable Software and Affected Versions CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions through 1.1.5 Description An authorization issue exists in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja...

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained a cross-site...

WordPress plugin WP Cost Estimation & Payment Forms Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

Kiteworks Secure Data Forms 代码问题漏洞

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks, which offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 had code vulnerabilities due to lack of validation, which...

PT-2026-27945

Name of the Vulnerable Software and Affected Versions CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions through 1.2.2 Description An authorization issue exists in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms...

WordPress plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be integrated...

Kiteworks Secure Data Forms 安全漏洞

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks. It offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 contained security vulnerabilities. These vulnerabilities wer...

PT-2026-28066

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

PT-2026-27850

Name of the Vulnerable Software and Affected Versions loopus WP Cost Estimation & Payment Forms Builder versions prior to 10.3.0 Description An authorization issue exists in loopus WP Cost Estimation & Payment Forms Builder’s WP Estimation Form component. The issue stems from incorrectly configur...

PT-2026-28067

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

Kiteworks Secure Data Forms 跨站脚本漏洞

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks. It offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 had a cross-site scripting vulnerability. This vulnerability...

PT-2026-27785

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.1 Description Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation, resulting in Stored...

WordPress Integration with Hubspot Forms plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Integration with Hubspot Forms versions = 1.2.2...