
16 matches found

EUVD
added 13 hours ago | 5 views

EUVD-2026-41487

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2 | AI score 5.9
Exploits 0 | References 14
OSV
added 2026/05/29 10:19 p.m. | 6 views

GHSA-PGXQ-P76C-X9CG formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact: Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches: 2.2.21, 3.1.26. Workarounds: Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

CVSS 8.7 | AI score 5.8 | EPSS 0.00311
Exploits 0 | References 5
GitHub Security Blog
added 2026/05/29 10:19 p.m. | 21 views

formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact: Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches: 2.2.21, 3.1.26. Workarounds: Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

CVSS 8.7 | AI score 5.8 | EPSS 0.00311
Exploits 0 | References 5 | Affected Software 1
NVD
added 2026/05/29 8:16 p.m. | 14 views

CVE-2026-47266

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

CVSS 8.7 | EPSS 0.00311
Exploits 0 | References 3
ATTACKERKB
added 2026/05/29 7:3 p.m. | 7 views

CVE-2026-47266

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

CVSS 8.7 | AI score 5.8 | EPSS 0.00311
Exploits 0 | References 4 | Affected Software 1
Snyk
added 2026/05/24 1:48 p.m. | 8 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the doWriteSave process in the UCenter Article Submission Endpoint when handling the id or userId arguments. An attacker can gain unauthorized access to or modify articles by sending crafted requests to the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00252
Exploits 0 | References 2
Cvelist
added 2026/05/24 10:45 a.m. | 18 views

CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

CVSS 6.5 | EPSS 0.00252
Exploits 0 | References 4
CVE
added 2026/05/11 12:0 a.m. | 14 views

CVE-2026-38566

CVE-2026-38566 affects HireFlow v1.2. The issue is CSRF on all state-changing POST endpoints (e.g., /profile password change, /candidates/delete/, /feedback/add/, /interviews/add) due to missing CSRF token validation and no SESSION_COOKIE_SAMESITE configuration. Root cause: CSRF token validation ...

CVSS 8.1 | AI score 6 | EPSS 0.00168
Exploits 1 | References 3
EUVD
added 2026/03/06 3:31 p.m. | 4 views

EUVD-2018-21623

Precurio Intranet Portal 2.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests. Attackers can forge requests to the /public/admin/user/submitnew endpoint with user creation parameter...

CVSS 5.3 | AI score 5.7 | EPSS 0.00217
Exploits 0 | References 3
NVD
added 2026/03/05 4:15 a.m. | 4 views

CVE-2026-2365

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

CVSS 7.2 | EPSS 0.00263
Exploits 0 | References 3
Vulnrichment
added 2026/03/05 3:23 a.m. | 2 views

CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

CVSS 7.2 | AI score 6 | EPSS 0.00263
Exploits 0 | References 3
Positive Technologies
added 2026/03/05 12:0 a.m. | 6 views

PT-2026-23129

Name of the Vulnerable Software and Affected Versions: Fluent Forms Pro versions up to and including 6.1.17. Description: The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint...

CVSS 7.2 | AI score 5.9 | EPSS 0.00263
Exploits 0 | References 7
Cvelist
added 2026/02/12 12:0 a.m. | 23 views

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

EPSS 0.00441
Exploits 2 | References 3
Cvelist
added 2025/08/25 11:32 p.m. | 9 views

CVE-2025-9429 mtons mblog Post submit cross site scripting

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.1 | EPSS 0.00234
Exploits 1 | References 6
CNVD
added 2021/02/26 12:0 a.m. | 10 views

CloudBees Jenkins Claim Plugin Cross-Site Request Forgery Vulnerability

Jenkins Claim is a Jenkins open source application plug-in. A cross-site request forgery vulnerability exists in Jenkins Claim Plugin version 2.18.1 and earlier. The vulnerability stems from the program not making a POST request to the form submission endpoint of the assigned claim. An attacker...

CVSS 4.3 | AI score 6.4 | EPSS 0.01635
Exploits 0 | References 1
CNNVD
added 2021/02/24 12:0 a.m. | 8 views

Jenkins Claim Cross-Site Request Forgery Vulnerability

Jenkins Claim is a Jenkins open source application plug-in. A cross-site request forgery vulnerability exists in Jenkins Claim Plugin version 2.18.1 and earlier. The vulnerability stems from the program not making a POST request to the form submission endpoint of the assigned claim. An attacker...

CVSS 4.3 | AI score 5.7 | EPSS 0.01635
Exploits 0 | References 4