CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

CVE-2025-68863 WordPress iContact for Gravity Forms plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...

CVE-2025-68863 WordPress iContact for Gravity Forms plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...

CVE-2025-68863

CVE-2025-68863 corresponds to a Reflected XSS in the WordPress plugin “iContact for Gravity Forms” (gravity-forms-icontact) up to version 1.3.2. The vulnerability arises from improper input neutralization during web page generation, enabling an attacker to inject scripts when a victim views a cra...

CVE-2026-25420

Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through = 1.7.18...

CVE-2026-22422

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through = 3.4.1...

PT-2026-21142

Name of the Vulnerable Software and Affected Versions Basix NEX-Forms versions through 9.1.7 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting XSS condition. This allows an attacke...

WordPress plugin iContact for Gravity Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin PDF for Elementor Forms + Drag And Drop Template Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-21198

Name of the Vulnerable Software and Affected Versions PDF for Elementor Forms + Drag And Drop Template Builder versions through 6.3.1 Description A missing authorization issue exists in PDF for Elementor Forms + Drag And Drop Template Builder. The issue involves exploiting incorrectly configured...

WordPress plugin NEX-Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin NEX-Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-21117

Name of the Vulnerable Software and Affected Versions iContact for Gravity Forms versions through 1.3.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Reflected Cross-site Scripting XSS. This allows an attacker to inject...

PT-2026-21140

Name of the Vulnerable Software and Affected Versions Basix NEX-Forms versions through 9.1.7 Description The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means that malicious code can be embedded in we...

CVE-2026-27474

CVE-2026-27474 affects SPIP prior to 4.4.9, where the private area is vulnerable to Cross-Site Scripting due to incomplete application of the echappe_anti_xss() filter to input, form, button, and anchor tags. The issue compounds an incomplete fix from SPIP 4.4.8 and is not mitigated by the securi...

CVE-2026-27474 SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix)

SPIP before 4.4.9 allows Cross-Site Scripting XSS in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor a HTML tags, allowing an attacker to inject malicious scripts through these element...

CVE-2025-71249

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-71249

This CVE entry is rejected/not used and does not represent an active vulnerability entry.

CVE-2026-25420

Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through = 1.7.18...

CVE-2026-22422

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through = 3.4.1...