
685 matches found

CNNVD
added 2025/06/06 12:0 a.m. · 4 views

WordPress plugin WP Gravity Forms Constant Contact Plugin input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 4.7 · AI score 5 · EPSS 0.00263
Exploits 0 · References 2

Positive Technologies
added 2025/06/06 12:0 a.m. · 5 views

PT-2025-24175 · Unknown · Wp Gravity Forms Salesforce

Name of the Vulnerable Software and Affected Versions: WP Gravity Forms Salesforce versions 1.4.7 and earlier Description: The issue is an 'Open Redirect' vulnerability, which allows URL redirection to untrusted sites, potentially enabling phishing attacks. Recommendations: For versions 1.4.7 and...

CVSS 4.7 · AI score 4.6 · EPSS 0.00263
Exploits 0 · References 3

Positive Technologies
added 2025/06/06 12:0 a.m. · 5 views

PT-2025-24176 · WordPress · Wp Gravity Forms Constant Contact Plugin

Name of the Vulnerable Software and Affected Versions: WP Gravity Forms Constant Contact Plugin versions 1.1.0 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, which allows phishing. This vulnerability can be...

CVSS 4.7 · AI score 4.4 · EPSS 0.00263
Exploits 0 · References 3

CNNVD
added 2025/06/06 12:0 a.m. · 4 views

WordPress plugin WP Gravity Forms Salesforce input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation...

CVSS 4.7 · AI score 5 · EPSS 0.00263
Exploits 0 · References 2

Patchstack
added 2025/05/30 10:3 a.m. · 10 views

WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Real Time Validation for Gravity Forms (versions <= 1.7.0)...

CVSS 7.1 · AI score 5.9 · EPSS 0.00185
Exploits 0 · Affected Software 1

VulnCheck KEV
added 2025/05/27 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2015-4455

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

CVSS 9.8 · AI score 6.2 · EPSS 0.41478
Exploits 3 · References 1

RedhatCVE
added 2025/05/23 10:45 a.m. · 5 views

CVE-2024-52347

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS. This issue affects Website remote Install vor Gravity, WPForms,...

CVSS 6.5 · AI score 7.3 · EPSS 0.00217
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:59 a.m. · 8 views

CVE-2024-6550

The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of...

CVSS 5.3 · AI score 6.6 · EPSS 0.00456
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:35 a.m. · 12 views

CVE-2024-13378

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style_settings' parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 5.4 · AI score 6 · EPSS 0.00281
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:17 a.m. · 8 views

CVE-2024-8718

The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1 · AI score 6.4 · EPSS 0.00355
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 5:0 a.m. · 9 views

CVE-2023-51358

Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms: from n/a through 1.0.1...

CVSS 8.8 · AI score 8.5 · EPSS 0.00216
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 4:50 a.m. · 9 views

CVE-2023-28782

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3...

CVSS 9.8 · AI score 8.9 · EPSS 0.00616
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 3:30 a.m. · 8 views

CVE-2023-2701

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...

CVSS 6.1 · AI score 6.2 · EPSS 0.00482
Exploits 2 · References 1

RedhatCVE
added 2025/05/23 1:48 a.m. · 22 views

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

CVSS 6.5 · AI score 7 · EPSS 0.00307
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 10:52 p.m. · 7 views

CVE-2022-3154

The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in...

CVSS 7.1 · AI score 6.8 · EPSS 0.00337
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 4:18 p.m. · 9 views

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role...

CVSS 5.4 · AI score 7.2 · EPSS 0.00607
Exploits 0

RedhatCVE
added 2025/05/22 3:28 p.m. · 7 views

CVE-2020-27850

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...

CVSS 4.8 · AI score 5.5 · EPSS 0.00616
Exploits 0

RedhatCVE
added 2025/05/22 3:26 p.m. · 11 views

CVE-2020-27852

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role Administrator, Editor, etc...

CVSS 5.4 · AI score 5.5 · EPSS 0.00607
Exploits 0

RedhatCVE
added 2025/05/22 3:10 p.m. · 7 views

CVE-2020-13764

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...

CVSS 7.5 · AI score 6.9 · EPSS 0.0183
Exploits 0

RedhatCVE
added 2025/05/22 12:40 a.m. · 15 views

CVE-2015-10117

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address...

CVSS 6.1 · AI score 6.3 · EPSS 0.00607
Exploits 0 · References 1