CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

RedhatCVE•added 2026/05/04 8:21 p.m.•1 views

CVE-2026-5112

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...

7.2CVSS6AI score0.00021EPSS

Exploits0References1

NVD•added 2026/05/02 6:16 a.m.•2 views

CVE-2026-5111

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...

7.2CVSS0.00021EPSS

Exploits0References2

ATTACKERKB•added 2026/05/02 5:29 a.m.•1 views

CVE-2026-5111

7.2CVSS6AI score0.00021EPSS

Exploits0References3

CVE•added 2026/05/02 5:29 a.m.•8 views

CVE-2026-5111

CVE-2026-5111: Gravity Forms for WordPress (

7.2CVSS6AI score0.00021EPSS

Exploits0References2

Vulnrichment•added 2026/05/02 5:29 a.m.•2 views

CVE-2026-5111 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater

7.2CVSS6AI score0.00021EPSS

Exploits0References2

Cvelist•added 2026/05/02 5:29 a.m.•31 views

CVE-2026-5111 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater

7.2CVSS0.00021EPSS

Exploits0References2

CVE•added 2026/05/02 5:29 a.m.•5 views

CVE-2026-5112

CVE-2026-5112 affects Gravity Forms for WordPress up to v2.10.0. An unauthenticated Stored XSS exists in the Calculation Product field within Repeater fields due to weak input validation and output escaping: validate() only checks the quantity field, sanitize_entry_value() returns raw HTML for no...

7.2CVSS6AI score0.00021EPSS

Exploits0References2

Cvelist•added 2026/05/02 5:29 a.m.•25 views

CVE-2026-5112 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater

7.2CVSS0.00021EPSS

Exploits0References2

EUVD•added 2026/05/02 5:29 a.m.•1 views

EUVD-2026-26744

7.2CVSS6AI score0.00021EPSS

Exploits0References2

Positive Technologies•added 2026/05/02 12:0 a.m.•1 views

PT-2026-36575

7.2CVSS6AI score0.00021EPSS

Exploits0References3

Positive Technologies•added 2026/05/02 12:0 a.m.•2 views

PT-2026-36576

7.2CVSS6AI score0.00021EPSS

Exploits0References3

RedhatCVE•added 2026/02/11 1:16 p.m.•1 views

CVE-2026-2268

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

7.5CVSS5.7AI score0.00085EPSS

Exploits2References1

NVD•added 2026/02/10 10:16 a.m.•3 views

CVE-2026-2268

7.5CVSS0.00085EPSS

Exploits2References5

Vulnrichment•added 2026/02/10 9:26 a.m.•2 views

CVE-2026-2268 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action

7.5CVSS5.7AI score0.00085EPSS

Exploits2References5

CVE•added 2026/02/10 9:26 a.m.•14 views

CVE-2026-2268

The CVE-2026-2268 entry concerns Ninja Forms for WordPress (

7.5CVSS5.7AI score0.00085EPSS

Exploits2References5

Positive Technologies•added 2026/02/10 12:0 a.m.•3 views

PT-2026-7248

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninja forms merge tags filter to user-supplied input within repeater fields, which allows the resolution of post meta:KEY...

7.5CVSS5.7AI score0.00085EPSS

Exploits2References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by