Lucene search
K

685 matches found

Vulnrichment
Vulnrichment
added 2025/12/31 4:41 p.m.3 views

CVE-2025-62099 WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6...

4.3CVSS6.6AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2025/12/31 4:41 p.m.12 views

CVE-2025-62099

Technical details for CVE-2025-62099 are not provided in the supplied documents. The initial description notes a Missing Authorization issue in the Gravity Forms Signature Add-On (gravity-signature-forms-add-on) up to v1.8.6, but no exploits, vectors, or fixes are disclosed here.

4.3CVSS5.9AI score0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 4:23 p.m.7 views

WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Signature Add-On for Gravity Forms versions = 1.8.6...

4.3CVSS6.8AI score0.00198EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.4 views

WordPress plugin Signature Add-On for Gravity Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A security vulnerabilit...

4.3CVSS6.4AI score0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter vulnerability

WordPress GravityForms plugin 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'stylesettings' parameter vulnerability discovered by mikemyers in WordPress Plugin Gravity Forms versions 2.9.0.1-2.9.1.3...

5.4CVSS5.4AI score0.00281EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.6 views

PT-2025-54392

Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6...

4.3CVSS7AI score0.00198EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/30 12:0 a.m.5 views

WordPress Gravity Forms plugin file upload vulnerability

WordPress Gravity Forms plugin is a popular WordPress plugin for creating and managing various types of forms. A file upload vulnerability exists in the WordPress Gravity Forms plugin, which stems from the chunked upload feature failing to prevent dangerous file uploads, no details of the...

6.8CVSS6.9AI score0.00315EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/12/25 6:51 a.m.9 views

WordPress GravityForms plugin < 2.9.23.1 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Marc Montpas in WordPress Plugin Gravity Forms versions 2.9.23.1...

6.8CVSS6.7AI score0.00315EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/25 6:20 a.m.12 views

CVE-2025-13407

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...

6.8CVSS7.3AI score0.00315EPSS
Exploits2References1
NVD
NVD
added 2025/12/24 6:15 a.m.7 views

CVE-2025-13407

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...

6.8CVSS0.00315EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/12/24 6:0 a.m.28 views

CVE-2025-13407 GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...

0.00315EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/12/24 6:0 a.m.10 views

CVE-2025-13407 GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload...

6.9AI score0.00315EPSS
Exploits2References1
CVE
CVE
added 2025/12/24 6:0 a.m.31 views

CVE-2025-13407

The CVE concerns the Gravity Forms WordPress plugin (versions prior to 2.9.23.1). A flaw in the chunked upload feature allows uploading of dangerous files (e.g., PHP) to the upload path, enabling Remote Code Execution if the path is discovered or enumerated. Several connected sources corroborate ...

6.8CVSS6.9AI score0.00315EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.6 views

WordPress plugin Gravity Forms 安全漏洞

WordPress Gravity Forms plugin is a popular WordPress plugin for creating and managing various types of forms. A file upload vulnerability exists in the WordPress Gravity Forms plugin, which stems from the chunked upload feature failing to prevent dangerous file uploads, no details of the...

6.8CVSS6.5AI score0.00315EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.5 views

PT-2025-52870

Name of the Vulnerable Software and Affected Versions Gravity Forms WordPress plugin versions prior to 2.9.23.1 Description The Gravity Forms WordPress plugin does not properly prevent users from uploading dangerous files through its chunked upload functionality. This allows attackers to upload P...

6.8CVSS7AI score0.00315EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.6 views

CVE-2025-60080

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...

7.5CVSS5.9AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.5 views

CVE-2025-60178

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through = 1.2.6...

9.8CVSS7AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.4 views

CVE-2025-60174

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through = 1.1.2...

9.8CVSS7AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.5 views

CVE-2025-60091

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through = 1.2.9...

9.8CVSS7AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.5 views

CVE-2025-60090

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through = 1.1.6...

9.8CVSS7AI score0.00386EPSS
Exploits0References1
Rows per page
Query Builder