68 matches found
WordPress Piotnet Forms plugin <= 2.1.40 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Piotnet Forms versions = 2.1.40...
CVE-2026-4883
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...
CVE-2026-4883
Piotnet Forms for WordPress (v2.1.40 and earlier) is affected by a vulnerability in the piotnetforms_ajax_form_builder function, where missing file type validation and an incomplete extension blacklist allow unauthenticated arbitrary file uploads. Since the blacklist only blocks php, phpt, php5, ...
EUVD-2026-30892
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...
CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...
CVE-2026-4883
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...
CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...
WordPress plugin Piotnet Forms 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
EUVD-2023-56134
Malicious code in bioql PyPI...
EUVD-2025-9242
Malicious code in bioql PyPI...
EUVD-2023-56133
Malicious code in bioql PyPI...
EUVD-2025-9234
Malicious code in bioql PyPI...
EUVD-2023-58467
Malicious code in bioql PyPI...
EUVD-2025-30672
Malicious code in bioql PyPI...
EUVD-2025-10459
Malicious code in bioql PyPI...
CVE-2025-57933
Cross-Site Request Forgery CSRF vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Cross Site Request Forgery.This issue affects Piotnet Forms: from n/a through = 1.0.30...
CVE-2025-57933
Cross-Site Request Forgery CSRF vulnerability in piotnetdotcom Piotnet Forms piotnetforms allows Cross Site Request Forgery.This issue affects Piotnet Forms: from n/a through = 1.0.30...
WordPress Piotnet Forms Plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin Piotnet Forms versions = 1.0.30...
CVE-2025-57933 WordPress Piotnet Forms Plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in piotnetdotcom Piotnet Forms allows Cross Site Request Forgery. This issue affects Piotnet Forms: from n/a through 1.0.30...
CVE-2025-57933
Technical details of CVE-2025-57933 are not provided in the connected documents. The initial description notes a CSRF issue in Piotnet Forms affecting versions from n/a to 1.0.30; monitor for official vendor advisories or patches for specifics.