CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

674 matches found

Nuclei•added yesterday•25 views

Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter. id: CVE-2014-45...

6.1CVSS6.4AI score0.02649EPSS

Exploits2References5

NVD•added 3 days ago•7 views

CVE-2026-48866

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS0.00034EPSS

Exploits0References1

Cvelist•added 3 days ago•23 views

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS0.00034EPSS

Exploits0References1

CVE•added 3 days ago•9 views

CVE-2026-48866

CVE-2026-48866 concerns Gravity Forms for WordPress (Gravity Forms

9.6CVSS5.8AI score0.00034EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-33650

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS5.8AI score0.00034EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

9.6CVSS5.8AI score0.00034EPSS

Exploits0References1

Patchstack•added 3 days ago•6 views

WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Gravity Forms versions = 2.10.0.1...

9.6CVSS5.8AI score0.00034EPSS

Exploits0Affected Software1

Positive Technologies•added 3 days ago•7 views

PT-2026-45440

Name of the Vulnerable Software and Affected Versions Gravity Forms versions prior to 2.10.0.2 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in Gravity Forms. This allows an attacker to access files and directories outside of the...

9.6CVSS5.8AI score0.00034EPSS

Exploits0References4

CNNVD•added 3 days ago•3 views

WordPress plugin Gravity Forms has a path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.6CVSS5.8AI score0.00034EPSS

Exploits0References1

Patchstack•added 2026/05/05 11:30 a.m.•2 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...

7.2CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/05/05 11:29 a.m.•3 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...

7.2CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/05/05 11:28 a.m.•3 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...

7.2CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/05/05 11:8 a.m.•2 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...

7.2CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/05/05 11:7 a.m.•4 views

WordPress Gravity Forms plugin <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions = 2.10.0...

7.2CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/05/04 8:21 p.m.•1 views

CVE-2026-5112

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...

7.2CVSS6AI score0.00021EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-5111

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...

7.2CVSS6AI score0.00021EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-5110

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

7.2CVSS6AI score0.00021EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 8:21 p.m.•3 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS6AI score0.00021EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 8:21 p.m.•1 views

CVE-2026-5109

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS6AI score0.00021EPSS

Exploits0References1

NVD•added 2026/05/02 6:16 a.m.•1 views

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

7.2CVSS0.00021EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by