Lucene search
K

1275 matches found

CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.6 views

PT-2026-36574

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

7.2CVSS6AI score0.00247EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.11 views

PT-2026-36577

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp kses, combined with insufficient output...

7.2CVSS6AI score0.00239EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/01 9:16 a.m.6 views

WordPress Smart phone field for Gravity Forms plugin <= 2.1.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Smart phone field for Gravity Forms versions = 2.1.6...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/16 3:31 a.m.10 views

EUVD-2026-23145

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References5
NVD
NVD
added 2026/04/16 2:16 a.m.6 views

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS0.0064EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/16 1:10 a.m.8 views

CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/16 1:10 a.m.32 views

CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS0.0064EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:10 a.m.2 views

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References5
CVE
CVE
added 2026/04/16 1:10 a.m.16 views

CVE-2026-40504

CVE-2026-40504 affects Creolabs Gravity prior to 0.9.6. A heap buffer overflow in gravity_vm_exec can be triggered by scripts containing many string literals at global scope, with insufficient bounds checking in gravity_fiber_reassign() that can corrupt heap metadata and lead to arbitrary code ex...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

Gravity 安全漏洞

Gravity is a powerful, dynamically typed, lightweight, and embeddable programming language developed by Marco Bambini individually. It is used for procedural programming, object-oriented programming, functional programming, and data-driven programming. Versions of Gravity prior to 0.9.6 contained...

9.8CVSS6.3AI score0.0064EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.9 views

PT-2026-33221

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity vm exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity fiber reassi...

9.8CVSS6.6AI score0.0064EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.8 views

CVE-2026-1396

The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.2 views

CVE-2026-4162

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/13 10:29 a.m.5 views

WordPress Gravity SMTP plugin <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Uninstall vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Gravity SMTP versions = 2.1.4...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/10 12:31 p.m.3 views

EUVD-2026-21356

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/04/10 10:16 a.m.3 views

CVE-2026-4162

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

7.1CVSS0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 9:25 a.m.1 views

CVE-2026-4162 Gravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 9:25 a.m.2 views

CVE-2026-4162

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access a...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References3
Rows per page
Query Builder