Lucene search
K

685 matches found

CVE
CVE
added 2026/03/11 9:25 a.m.13 views

CVE-2026-3492

The Gravity Forms WordPress plugin (all versions up to 2.9.28.1) is vulnerable to Stored XSS due to a trio of issues: (1) missing authorization on the create_from_template AJAX endpoint allowing any authenticated user to create forms, (2) insufficient input sanitization where sanitize_text_field(...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 9:25 a.m.3 views

CVE-2026-3492 Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 9:25 a.m.27 views

CVE-2026-3492 Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

6.4CVSS0.00203EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 9:25 a.m.3 views

CVE-2026-3492

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.3 views

PT-2026-24658

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the create from template AJAX endpoint allowing any authenticated user to create forms,...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.7 views

CVE-2025-68863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...

7.1CVSS5.5AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.3 views

CVE-2025-68863

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...

7.1CVSS0.00186EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.3 views

CVE-2025-68863 WordPress iContact for Gravity Forms plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...

5.3AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.25 views

CVE-2025-68863 WordPress iContact for Gravity Forms plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through = 1.3.2...

7.1CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.10 views

CVE-2025-68863

CVE-2025-68863 corresponds to a Reflected XSS in the WordPress plugin “iContact for Gravity Forms” (gravity-forms-icontact) up to version 1.3.2. The vulnerability arises from improper input neutralization during web page generation, enabling an attacker to inject scripts when a victim views a cra...

7.1CVSS5.5AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21117

Name of the Vulnerable Software and Affected Versions iContact for Gravity Forms versions through 1.3.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Reflected Cross-site Scripting XSS. This allows an attacker to inject...

5.4AI score0.00186EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.6 views

WordPress plugin iContact for Gravity Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.1CVSS5.6AI score0.00186EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/05 8:36 a.m.7 views

WordPress iContact for Gravity Forms plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin iContact for Gravity Forms versions = 1.3.2...

7.1CVSS5.3AI score0.00186EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:34 a.m.8 views

CVE-2017-18495

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

6.1CVSS6.9AI score0.00915EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.9 views

CVE-2025-23921

Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server.This issue affects Multi Uploader for Gravity Forms: from n/a through = 1.1.3...

9CVSS7.2AI score0.00508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 5:33 p.m.10 views

CVE-2025-62099

Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through = 1.8.6...

4.3CVSS5.9AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 5:15 p.m.4 views

CVE-2025-62099

Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through = 1.8.6...

4.3CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 4:41 p.m.24 views

CVE-2025-62099 WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through = 1.8.6...

4.3CVSS0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/31 4:41 p.m.4 views

EUVD-2025-206003

Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6...

4.3CVSS6.5AI score0.00198EPSS
Exploits0References2
Rows per page
Query Builder