CVE-2025-9898 cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery

The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...

PT-2025-39716

Name of the Vulnerable Software and Affected Versions cForms – Light speed fast Form Builder plugin for WordPress versions through 3.0.0 Description The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the cforms api function. This allows...

CVE-2025-0939

The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke tho...

CVE-2024-2797

The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description CSRF in custom field settings Proof of Concept /fields/1/fieldset/1/disassociate" /fields/required/3/3" /fields/optional/3/3" Impact This vulnerability is capable of trick admin user to modify custom forms...

WordPress cp-contact-form-with-paypal plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. cp-contact-form-with-paypal aka CP Contact Form with PayPal plugin is one of the payment plugins. A cross-site...