685 matches found

EUVD
added 2026/04/08 12:30 a.m. | 5 views

EUVD-2026-19994

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the form_ids parameter in the gform_get_config AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::send_json method outputting JSON-encoded data wrapped in HTML comment...

CVSS 4.7 | AI score 6.1 | EPSS 0.00356
Exploits: 0 | References: 7

EUVD
added 2026/04/08 12:30 a.m. | 3 views

EUVD-2026-19990

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (input_.4) in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type value...

CVSS 6.1 | AI score 6.1 | EPSS 0.00291
Exploits: 0 | References: 7

NVD
added 2026/04/08 12:16 a.m. | 4 views

CVE-2026-4394

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (input_.4) in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type value...

CVSS 6.1 | EPSS 0.00291
Exploits: 0 | References: 6

NVD
added 2026/04/08 12:16 a.m. | 6 views

CVE-2026-4406

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the form_ids parameter in the gform_get_config AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::send_json method outputting JSON-encoded data wrapped in HTML comment...

CVSS 4.7 | EPSS 0.00356
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/08 12:00 a.m. | 6 views

PT-2026-31112

Name of the Vulnerable Software and Affected Versions: The Magic Conversation For Gravity Forms plugin for WordPress versions up to and including 3.0.97. Description: The Magic Conversation For Gravity Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting through the...

CVSS 6.4 | AI score 5.9 | EPSS 0.00236
Exploits: 0 | References: 7

CNNVD
added 2026/04/08 12:00 a.m. | 8 views

WordPress plugin Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.1 | AI score 5.7 | EPSS 0.00291
Exploits: 0 | References: 6

CNNVD
added 2026/04/08 12:00 a.m. | 5 views

WordPress plugin Magic Conversation For Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.7 | EPSS 0.00236
Exploits: 0 | References: 5

CNNVD
added 2026/04/08 12:00 a.m. | 7 views

WordPress plugin Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 4.7 | AI score 5.7 | EPSS 0.00356
Exploits: 0 | References: 6

Vulnrichment
added 2026/04/07 11:25 p.m. | 2 views

CVE-2026-4394 Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (input_.4) in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type value...

CVSS 6.1 | AI score 6.1 | EPSS 0.00291
Exploits: 0 | References: 6

Cvelist
added 2026/04/07 11:25 p.m. | 22 views

CVE-2026-4394 Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (input_.4) in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type value...

CVSS 6.1 | EPSS 0.00291
Exploits: 0 | References: 6

CVE
added 2026/04/07 11:25 p.m. | 11 views

CVE-2026-4394

Gravity Forms for WordPress (<= 2.9.30) is vulnerable to unauthenticated stored XSS via the Credit Card field’s Card Type sub-field (input_.4). The get_value_entry_detail() method outputs the card type value without escaping, while get_value_save_entry() accepts and stores unsanitized input fo...

CVSS 6.1 | AI score 6.1 | EPSS 0.00291
Exploits: 0 | References: 6

Cvelist
added 2026/04/07 11:25 p.m. | 20 views

CVE-2026-4406 Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the form_ids parameter in the gform_get_config AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::send_json method outputting JSON-encoded data wrapped in HTML comment...

CVSS 4.7 | EPSS 0.00356
Exploits: 0 | References: 6

Vulnrichment
added 2026/04/07 11:25 p.m. | 6 views

CVE-2026-4406 Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the form_ids parameter in the gform_get_config AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::send_json method outputting JSON-encoded data wrapped in HTML comment...

CVSS 4.7 | AI score 6.1 | EPSS 0.00356
Exploits: 0 | References: 6

CVE
added 2026/04/07 11:25 p.m. | 12 views

CVE-2026-4406

The CVE concerns Gravity Forms for WordPress (≤ 2.9.30) with a Reflected XSS in the gform_get_config AJAX action via the form_ids parameter. The root cause is that GFCommon::send_json() returns JSON wrapped in HTML comments using echo/wp_die(), sending a text/html header instead of application/js...

CVSS 4.7 | AI score 6.1 | EPSS 0.00356
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/07 12:00 a.m. | 6 views

PT-2026-31049

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (input_.4) in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type...

CVSS 6.1 | AI score 6.1 | EPSS 0.00291
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/07 12:00 a.m. | 5 views

PT-2026-31051

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the form_ids parameter in the gform_get_config AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::send_json method outputting JSON-encoded data wrapped in HTML comment...

CVSS 4.7 | AI score 6.1 | EPSS 0.00356
Exploits: 0 | References: 7

RedhatCVE
added 2026/03/26 3:12 p.m. | 3 views

CVE-2026-3492

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

CVSS 6.4 | AI score 5.9 | EPSS 0.00203
Exploits: 0 | References: 1

Patchstack
added 2026/03/12 7:26 a.m. | 6 views

WordPress Gravity Forms plugin <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability discovered by hoshino in WordPress Plugin Gravity Forms versions <= 2.9.28...

CVSS 6.4 | AI score 5.8 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/03/11 12:31 p.m. | 4 views

EUVD-2026-11133

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

CVSS 6.4 | AI score 5.9 | EPSS 0.00203
Exploits: 0 | References: 3

NVD
added 2026/03/11 10:16 a.m. | 3 views

CVE-2026-3492

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on the createfromtemplate AJAX endpoint allowing any authenticated user to create forms, insufficie...

CVSS 6.4 | EPSS 0.00203
Exploits: 0 | References: 2