CVE-2026-39700

Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through = 1.4.32...

EUVD-2026-20400

Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through = 1.4.32...

CVE-2026-39700

Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through = 1.4.32...

CVE-2026-0626

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVE-2026-0626 WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVE-2023-29434

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin = 1.3.1 versions...

CVE-2023-49841

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3...

CVE-2025-23925

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jp2112 Feedburner Optin Form feedburner-optin-form allows Stored XSS.This issue affects Feedburner Optin Form: from n/a through = 0.2.8...

EUVD-2025-203190

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employeespotlightcheckoptin function in all versions up to, and including, 5.1.3. This makes it possible f...

BIT-LIMESURVEY-2025-41075 Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which can...

CVE-2025-41075

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which can...

CVE-2025-41075

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which can...

CVE-2025-41075

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which can...

Infinite loop

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Infinite loop via the /optin endpoint, which causes infinite HTTP redirects when accessed directly. An attacker can exhaust server or client resources by repeatedly triggeri...

CVE-2025-41075 Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which can...

CVE-2025-41075 Multiple vulnerabilities in Limesurvey

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which can...

CVE-2025-41075

LimeSurvey 6.13.0 has a vulnerability in the /optin endpoint that causes infinite HTTP redirects, enabling a DoS by exhausting server or client resources. Multiple connected sources (NVD, OSV, Red Hat, CIRCL, Snyk) confirm the issue and its impact (service degradation, potential browser instabili...

LimeSurvey 安全漏洞

LimeSurvey PHPSurveyor is an open source online survey program from the LimeSurvey team that supports survey program development, survey distribution, and data collection. A security vulnerability exists in LimeSurvey version 6.13.0, which originates from an endpoint/optin resulting in an unlimit...

PT-2025-47570

Name of the Vulnerable Software and Affected Versions LimeSurvey version 6.13.0 Description A flaw exists in LimeSurvey version 6.13.0 within the /optin endpoint that results in infinite HTTP redirects when directly accessed. This can be leveraged to create a Denial of Service DoS attack by...

CVE-2025-12392

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...