Lucene search
K

132 matches found

Nuclei
Nuclei
added 15 hours ago79 views

Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter. id: CVE-2014-45...

6.1CVSS6.5AI score0.03902EPSS
Exploits2References5
Nuclei
Nuclei
added 15 hours ago62 views

FormLift for Infusionsoft Web Forms <= 7.5.17 - SQL Injection

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to SQL Injection via the 'formid' parameter in versions up to, and including, 7.5.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS6.1AI score0.02004EPSS
Exploits0References4
NVD
NVD
added 2026/06/27 8:16 a.m.11 views

CVE-2026-11597

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.10 views

CVE-2026-11597

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/27 6:50 a.m.8 views

EUVD-2026-39956

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/06/27 6:50 a.m.16 views

CVE-2026-11597

The CVE concerns the WordPress plugin “Surbma | Infusionsoft Shortcode” for versions up to 2.0.1. It enables Stored Cross-Site Scripting via the infusionsoft-form shortcode by unsafely handling user-supplied account and id attributes in surbma_infusionsoft_shortcode_shortcode(), which are concate...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.37 views

CVE-2026-11597 Surbma | Infusionsoft Shortcode <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...

6.4CVSS0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53049

Name of the Vulnerable Software and Affected Versions Surbma | Infusionsoft Shortcode versions prior to 2.0.2 Description Stored Cross-Site Scripting occurs via the 'infusionsoft-form' shortcode. The issue stems from insufficient input sanitization and output escaping within the surbma infusionso...

6.4CVSS6AI score0.00193EPSS
Exploits0References10
NVD
NVD
added 2026/06/15 9:17 p.m.16 views

CVE-2026-49104

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

9.8CVSS0.00476EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.10 views

EUVD-2026-36881

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

9.8CVSS5.3AI score0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.37 views

CVE-2026-49104 WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

9.8CVSS0.00476EPSS
Exploits1References1
CVE
CVE
added 2026/06/15 8:19 p.m.43 views

CVE-2026-49104

CVE-2026-49104 affects the WordPress plugin “Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions

9.8CVSS5.3AI score0.00476EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.14 views

PT-2026-49115

Name of the Vulnerable Software and Affected Versions Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions prior to 1.2.2 Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when...

9.8CVSS5.8AI score0.00476EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/06/05 8:59 a.m.9 views

WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.2.1...

9.8CVSS5.5AI score0.00476EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2026/03/27 11:24 a.m.5 views

WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability

Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin FormLift for Infusionsoft Web Forms versions = 7.5.21...

5.3CVSS5.9AI score0.00473EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-4281

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...

5.3CVSS6AI score0.00473EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 6:30 a.m.8 views

EUVD-2026-16100

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...

5.3CVSS6AI score0.00473EPSS
Exploits0References11
NVD
NVD
added 2026/03/26 5:16 a.m.4 views

CVE-2026-4281

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...

5.3CVSS0.00473EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/26 3:37 a.m.2 views

CVE-2026-4281 FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...

5.3CVSS6AI score0.00473EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/03/26 3:37 a.m.32 views

CVE-2026-4281 FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection Flow

The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connect and listenfortokens methods of the FormLiftInfusionsoftManager class, both of which are hooked ...

5.3CVSS0.00473EPSS
Exploits0References10
Rows per page
Query Builder