685 matches found
WordPress plugin WP Gravity Forms Constant Contact Plugin 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
PT-2025-24175 · Unknown · Wp Gravity Forms Salesforce
Name of the Vulnerable Software and Affected Versions: WP Gravity Forms Salesforce versions 1.4.7 and earlier Description: The issue is an 'Open Redirect' vulnerability, which allows URL redirection to untrusted sites, potentially enabling phishing attacks. Recommendations: For versions 1.4.7 and...
PT-2025-24176 · WordPress · Wp Gravity Forms Constant Contact Plugin
Name of the Vulnerable Software and Affected Versions: WP Gravity Forms Constant Contact Plugin versions 1.1.0 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, which allows phishing. This vulnerability can be...
WordPress plugin WP Gravity Forms Salesforce 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...
WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Real Time Validation for Gravity Forms versions = 1.7.0...
VulnCheck KEV: CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
CVE-2024-52347
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms,...
CVE-2024-6550
The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to retrieve the full path of...
CVE-2024-13378
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘stylesettings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-8718
The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2023-51358
Cross-Site Request Forgery CSRF vulnerability in Bright Plugins Block IPs for Gravity Forms.This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1...
CVE-2023-28782
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3...
CVE-2023-2701
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
CVE-2023-2326
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
CVE-2022-3154
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in...
CVE-2020-27851
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...
CVE-2020-27850
A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2020-27852
A stored Cross-Site Scripting XSS vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role Administrator, Editor, etc...
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...
CVE-2015-10117
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...