Lucene search
K

687 matches found

Cvelist
Cvelist
added yesterday10 views

CVE-2026-61955 WordPress گرویتی فرم فارسی plugin <= 3.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS0.00383EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-61955

CVE-2026-61955 concerns a SQL Injection in the WordPress plugin persian-gravity-forms (Gرویتی فرم فارسی) by Hannan, with vulnerability up to version

7.6CVSS6.1AI score0.00383EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday79 views

Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter. id: CVE-2014-45...

6.1CVSS6.5AI score0.03902EPSS
Exploits2References5
NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-2508

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 3:42 a.m.9 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.34 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 3:42 a.m.12 views

CVE-2026-2508

CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/06/23 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copypostimage function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8CVSS6.7AI score0.00737EPSS
In wildExploits0References2
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.86 views

📄 WordPress Gravity Forms 2.10.0.1 File Deletion / Path Traversal

This Metasploit module exploits a vulnerability in the Gravity Forms WordPress plugin versions 2.10.0.1 and below where file URLs stored in form entries are not properly validated. An attacker can inject a crafted entry containing path traversal sequences ../ to reference files outside the intend...

9.6CVSS5.3AI score0.005EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4394

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the getvalueentrydetail method in the GFFieldCreditCard class outputting the card type value...

6.1CVSS5.7AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.8 views

CVE-2026-4406

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the formids parameter in the gformgetconfig AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::sendjson method outputting JSON-encoded data wrapped in HTML comment...

4.7CVSS5.7AI score0.00356EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.12 views

CVE-2026-48866

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS5.4AI score0.005EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/06/05 1:38 p.m.101 views

Exploit for CVE-2026-48866

--- ┌────────────────────────────────────────────────────...

9.6CVSS5.6AI score0.005EPSS
Exploits2
NVD
NVD
added 2026/06/01 3:16 p.m.23 views

CVE-2026-48866

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS0.005EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/01 2:39 p.m.30 views

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS0.005EPSS
Exploits2References1
CVE
CVE
added 2026/06/01 2:39 p.m.55 views

CVE-2026-48866

CVE-2026-48866 concerns Gravity Forms for WordPress (Gravity Forms

9.6CVSS5.8AI score0.005EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/01 2:39 p.m.15 views

EUVD-2026-33650

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS5.8AI score0.005EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/06/01 2:39 p.m.13 views

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS5.8AI score0.005EPSS
Exploits2References1
Patchstack
Patchstack
added 2026/06/01 1:42 p.m.14 views

WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Gravity Forms versions = 2.10.0.1...

9.6CVSS5.8AI score0.005EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

WordPress plugin Gravity Forms 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.6CVSS5.4AI score0.005EPSS
Exploits2References1
Rows per page
Query Builder