25 matches found
CVE-2025-13861
CVE-2025-13861 affects the WordPress plugin HTML Forms – Simple WordPress Forms Plugin. It is vulnerable to unauthenticated stored XSS in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it on the admin submissions ...
PT-2025-51810
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...
OpnForm 代码注入漏洞
OpnForm is a form builder by Julien Nahum Personal Developer. A code injection vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from a cross-site scripting attack in file /show/submissions...
EUVD-2019-6112
Malware in sbrugna...
Mahara 24.04 < 24.04.1, 23.04 < 23.04.6 Information Disclosure Vulnerability
Mahara is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if...
CVE-2024-39335
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration - Groups - Submissions...
PT-2025-34768 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 24.04 through 24.04.0 Mahara versions 23.04 through 23.04.5 Description: Certain conditions on the 'Current submissions' page Administration - Groups - Submissions can lead to information disclosure to an institution...
CVE-2024-39335
CVE-2024-39335 affects Mahara: vulnerable versions 24.04 before 24.04.1 and 23.04 before 23.04.6 are susceptible to information disclosure to an institution administrator via the Current submissions page (Administration → Groups → Submissions). Root cause: information disclosure condition on that...
CVE-2023-0084
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
CVE-2023-0084
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-0084
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Cross site scripting
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-0084 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-0038
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Cross site scripting
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2023-15964 · WordPress · Survey Maker
Name of the Vulnerable Software and Affected Versions: Survey Maker – Best WordPress Survey Plugin versions up to, and including, 3.1.3 Description: The issue is related to Stored Cross-Site Scripting via survey answers due to insufficient input sanitization and output escaping. This allows...
CVE-2019-15025
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
Sql injection
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...
Ninja Forms <= 3.3.21 - XSS and SQLi
Reflected XSS vulnerability in the administrative dashboard. Blind SQL injection vulnerability in the search filter on the submissions page...