685 matches found
CVE-2025-14344
CVE-2025-14344: WordPress plugin Multi Uploader for Gravity Forms is vulnerable in all versions up to 1.1.7 due to insufficient file path validation in plupload_ajax_delete_file, enabling unauthenticated arbitrary file deletion on the server. Connected sources confirm the issue and note a patch ...
WordPress plugin Multi Uploader for Gravity Forms Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A path travers...
PT-2025-50865
Name of the Vulnerable Software and Affected Versions: Multi Uploader for Gravity Forms plugin versions up to and including 1.1.7. Description: The Multi Uploader for Gravity Forms plugin for WordPress is susceptible to arbitrary file deletion. Insufficient file path validation within the plupload...
CVE-2025-67587
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing. This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5...
EUVD-2025-202066
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing. This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5...
CVE-2025-67587 WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing. This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5...
CVE-2025-67587
CVE-2025-67587: Open Redirect in WP Gravity Forms FreshDesk Plugin (gf-freshdesk) up to version 1.3.5. This allows phishing via redirection to untrusted sites. Affected software is the gf-freshdesk component of the Gravity Forms FreshDesk plugin; remediation is to upgrade to a newer-than-1.3.5 re...
PT-2025-49961
Name of the Vulnerable Software and Affected Versions: WP Gravity Forms FreshDesk Plugin versions through 1.3.5. Description: The WP Gravity Forms FreshDesk Plugin contains a URL Redirection to Untrusted Site issue, also known as an 'Open Redirect'. This condition allows for potential phishing...
WordPress plugin WP Gravity Forms FreshDesk Plugin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-12974
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...
WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Bonds in WordPress Plugin WP Gravity Forms FreshDesk Plugin versions <= 1.3.5...
EUVD-2025-197911
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...
CVE-2025-12974 Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...
CVE-2025-12974
The CVE concerns Gravity Forms for WordPress. Affected versions: all up to and including 2.9.21.1. Root cause: missing file-type validation in the legacy chunked upload, where .phar files aren’t blocked by the extension blacklist. Exploit scenario: unauthenticated attackers that can discover/enum...
PT-2025-47239
Name of the Vulnerable Software and Affected Versions: Gravity Forms versions prior to 2.9.22. Description: The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the legacy chunked upload mechanism. The extension blacklist...