685 matches found

CNNVD
added 2025/11/18 12:0 a.m., 6 views

WordPress plugin Gravity Forms code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

8.1 CVSS, 6.9 AI score, 0.00585 EPSS
Exploits: 0, References: 4

Patchstack
added 2025/11/17 10:0 p.m., 6 views

WordPress Gravity Forms plugin <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload vulnerability

Unauthenticated Arbitrary File Upload via Legacy Chunked Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions <= 2.9.21.1...

8.1 CVSS, 7.1 AI score, 0.00585 EPSS
Exploits: 0, References: 1, Affected Software: 1

VulnCheck KEV
added 2025/11/17 12:0 a.m., 4 views

VulnCheck KEV: CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

8.1 CVSS, 6.5 AI score, 0.00585 EPSS
In wild, Exploits: 0, References: 2

CNVD
added 2025/11/12 12:0 a.m., 6 views

WordPress Gravity Forms plugin arbitrary file upload vulnerability

WordPress Gravity Forms plugin is a professional forms plugin for the WordPress platform, mainly used to create and manage various interactive forms, supporting data collection, payment processing, workflow automation and other features. WordPress Gravity Forms plugin has an arbitrary file upload...

9.8 CVSS, 8.3 AI score, 0.00674 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/08 7:41 a.m., 9 views

CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8 CVSS, 7.5 AI score, 0.00674 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/07 5:33 p.m., 7 views

CVE-2025-58636

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3...

9.8 CVSS, 7 AI score, 0.00409 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/07 3:54 p.m., 5 views

CVE-2025-49905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginsCafe Range Slider Addon for Gravity Forms range-slider-addon-for-gravity-forms allows Reflected XSS. This issue affects Range Slider Addon for Gravity Forms: from n/a through <= 1.1.6...

7.1 CVSS, 6.4 AI score, 0.00186 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/07 3:54 p.m., 4 views

CVE-2025-48330

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion. This issue affects Real Time Validation for Gravity Forms...

7.5 CVSS, 7.1 AI score, 0.0036 EPSS
Exploits: 0, References: 1

NVD
added 2025/11/07 5:15 a.m., 9 views

CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8 CVSS, 0.00674 EPSS
Exploits: 0, References: 3

OSV
added 2025/11/07 5:15 a.m., 5 views

CVE-2025-12352

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8 CVSS, 6.5 AI score, 0.00674 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/11/07 4:28 a.m., 6 views

CVE-2025-12352 Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8 CVSS, 0.00674 EPSS
Exploits: 0, References: 3

CVE
added 2025/11/07 4:28 a.m., 30 views

CVE-2025-12352

The CVE-2025-12352 issue affects the WordPress Gravity Forms plugin, specifically versions up to and including 2.9.20. The vulnerability arises from missing file type validation in the copy_post_image() function, allowing unauthenticated attackers to upload arbitrary files to the affected site’s ...

9.8 CVSS, 7.1 AI score, 0.00674 EPSS
In wild, Exploits: 0, References: 3

EUVD
added 2025/11/07 4:28 a.m., 4 views

EUVD-2025-38238

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8 CVSS, 7 AI score, 0.00674 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/11/07 4:28 a.m., 3 views

CVE-2025-12352 Gravity Forms <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image'

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's serv...

9.8 CVSS, 7.1 AI score, 0.00674 EPSS
Exploits: 0, References: 3

Patchstack
added 2025/11/07 1:45 a.m., 9 views

WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability

Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions <= 2.9.20...

9.8 CVSS, 6.7 AI score, 0.00674 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/11/07 12:0 a.m., 4 views

WordPress plugin Gravity Forms code issue vulnerability

WordPress Gravity Forms plugin is a professional forms plugin for the WordPress platform, mainly used to create and manage various interactive forms, supporting data collection, payment processing, workflow automation and other features. WordPress Gravity Forms plugin has an arbitrary file upload...

9.8 CVSS, 7.8 AI score, 0.00674 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/11/07 12:0 a.m., 6 views

PT-2025-45404

Name of the Vulnerable Software and Affected Versions: Gravity Forms versions up to and including 2.9.20. Description: The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the copy post image function. This allows...

9.8 CVSS, 6.3 AI score, 0.00674 EPSS
Exploits: 0, References: 17

NVD
added 2025/11/06 4:15 p.m., 4 views

CVE-2025-58636

Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection. This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3...

9.8 CVSS, 0.00409 EPSS
Exploits: 0, References: 1

NVD
added 2025/11/06 4:15 p.m., 4 views

CVE-2025-49905

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginsCafe Range Slider Addon for Gravity Forms range-slider-addon-for-gravity-forms allows Reflected XSS. This issue affects Range Slider Addon for Gravity Forms: from n/a through <= 1.1.6...

7.1 CVSS, 0.00186 EPSS
Exploits: 0, References: 1

NVD
added 2025/11/06 4:15 p.m., 2 views

CVE-2025-48330

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion. This issue affects Real Time Validation for Gravity Forms...

7.5 CVSS, 0.0036 EPSS
Exploits: 0, References: 1