Lucene search
K

685 matches found

CVE
CVE
added 2025/12/12 3:20 a.m.24 views

CVE-2025-14344

CVE-2025-14344 : WordPress plugin Multi Uploader for Gravity Forms is vulnerable in all versions up to 1.1.7 due to insufficient file path validation in plupload_ajax_delete_file, enabling unauthenticated arbitrary file deletion on the server. Connected sources confirm the issue and note a patch ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.3 views

WordPress plugin Multi Uploader for Gravity Forms 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...

9.8CVSS6.6AI score0.00459EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50865

Name of the Vulnerable Software and Affected Versions Multi Uploader for Gravity Forms plugin versions up to and including 1.1.7 Description The Multi Uploader for Gravity Forms plugin for WordPress is susceptible to arbitrary file deletion. Insufficient file path validation within the plupload...

9.8CVSS6.4AI score0.00459EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.6 views

CVE-2025-67587

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

4.7CVSS6.9AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202066

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

4.3CVSS6.3AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.8 views

CVE-2025-67587

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

4.7CVSS0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:14 p.m.22 views

CVE-2025-67587 WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

4.7CVSS0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 p.m.3 views

CVE-2025-67587 WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through = 1.3.5...

4.7CVSS6.5AI score0.00166EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 p.m.11 views

CVE-2025-67587

CVE-2025-67587: Open Redirect in WP Gravity Forms FreshDesk Plugin (gf-freshdesk) up to version 1.3.5. This allows phishing via redirection to untrusted sites. Affected software is the gf-freshdesk component of the Gravity Forms FreshDesk plugin; remediation is to upgrade to a newer-than-1.3.5 re...

4.7CVSS6.5AI score0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49961

Name of the Vulnerable Software and Affected Versions WP Gravity Forms FreshDesk Plugin versions through 1.3.5 Description The WP Gravity Forms FreshDesk Plugin contains a URL Redirection to Untrusted Site issue, also known as an 'Open Redirect'. This condition allows for potential phishing...

4.3CVSS6.5AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

WordPress plugin WP Gravity Forms FreshDesk Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.7CVSS6.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 4:16 a.m.6 views

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS7.7AI score0.00585EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/11/18 11:0 a.m.6 views

WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms FreshDesk Plugin versions = 1.3.5...

4.3CVSS7AI score0.00166EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/11/18 6:30 a.m.6 views

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS7.2AI score0.00585EPSS
Exploits0References5
OSV
OSV
added 2025/11/18 4:15 a.m.5 views

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS6.5AI score0.00585EPSS
Exploits0References4
NVD
NVD
added 2025/11/18 4:15 a.m.4 views

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS0.00585EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/18 3:27 a.m.9 views

CVE-2025-12974 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS0.00585EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/18 3:27 a.m.3 views

CVE-2025-12974 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1CVSS7.3AI score0.00585EPSS
Exploits0References4
CVE
CVE
added 2025/11/18 3:27 a.m.32 views

CVE-2025-12974

The CVE concerns Gravity Forms for WordPress. Affected versions: all up to and including 2.9.21.1. Root cause: missing file-type validation in the legacy chunked upload, where .phar files aren’t blocked by the extension blacklist. Exploit scenario: unauthenticated attackers that can discover/enum...

8.1CVSS7.3AI score0.00585EPSS
In wildExploits0References4
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.6 views

PT-2025-47239

Name of the Vulnerable Software and Affected Versions Gravity Forms versions prior to 2.9.22 Description The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the legacy chunked upload mechanism. The extension blacklist...

8.1CVSS7.8AI score0.00585EPSS
Exploits0References16
Rows per page
Query Builder