25 matches found

CVE
added 2025/12/17 4:31 a.m. · 18 views

CVE-2025-13861

CVE-2025-13861 affects the WordPress plugin HTML Forms – Simple WordPress Forms Plugin. It is vulnerable to unauthenticated stored XSS in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it on the admin submissions ...

6.1 CVSS · 5 AI score · 0.00215 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/12/17 12:0 a.m. · 4 views

PT-2025-51810

The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This...

6.1 CVSS · 5.3 AI score · 0.00215 EPSS
Exploits 0 · References 6
CNNVD
added 2025/10/08 12:0 a.m. · 4 views

OpnForm code injection vulnerability

OpnForm is a form builder by Julien Nahum Personal Developer. A code injection vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from a cross-site scripting attack in file /show/submissions...

6.1 CVSS · 5 AI score · 0.00356 EPSS
Exploits 1 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 9 views

EUVD-2019-6112

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.01779 EPSS
Exploits 0 · References 2
OpenVAS
added 2025/08/27 12:0 a.m. · 3 views

Mahara 24.04 < 24.04.1, 23.04 < 23.04.6 Information Disclosure Vulnerability

Mahara is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if...

9.1 CVSS · 6.5 AI score · 0.00302 EPSS
Exploits 0 · References 1
NVD
added 2025/08/26 3:15 p.m. · 15 views

CVE-2024-39335

Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration - Groups - Submissions...

9.1 CVSS · 0.00302 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/26 12:0 a.m. · 6 views

PT-2025-34768 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 24.04 through 24.04.0 Mahara versions 23.04 through 23.04.5 Description: Certain conditions on the 'Current submissions' page Administration - Groups - Submissions can lead to information disclosure to an institution...

9.1 CVSS · 6.9 AI score · 0.00302 EPSS
Exploits 0 · References 5
CVE
added 2025/08/26 12:0 a.m. · 20 views

CVE-2024-39335

CVE-2024-39335 affects Mahara: vulnerable versions 24.04 before 24.04.1 and 23.04 before 23.04.6 are susceptible to information disclosure to an institution administrator via the Current submissions page (Administration → Groups → Submissions). Root cause: information disclosure condition on that...

9.1 CVSS · 6.3 AI score · 0.00302 EPSS
Exploits 0 · References 2 · Affected Software 1
RedhatCVE
added 2025/05/23 5:41 a.m. · 8 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2 CVSS · 5.1 AI score · 0.28565 EPSS
Exploits 5 · References 1
RedhatCVE
added 2025/05/22 4:32 a.m. · 7 views

CVE-2019-15025

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

9.8 CVSS · 8.1 AI score · 0.01779 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/03/02 7:15 p.m. · 2 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2 CVSS · 7 AI score · 0.28565 EPSS
Exploits 5 · References 4
OSV
added 2023/03/02 7:15 p.m. · 6 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS · 6 AI score · 0.28565 EPSS
Exploits 5 · References 3
Prion
added 2023/03/02 7:15 p.m. · 20 views

Cross site scripting

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8 CVSS · 5.8 AI score · 0.28565 EPSS
Exploits 5 · References 3 · Affected Software 1
Cvelist
added 2023/03/02 6:35 p.m. · 56 views

CVE-2023-0084 Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2 CVSS · 6.4 AI score · 0.28565 EPSS
Exploits 5 · References 4
OSV
added 2023/01/03 2:15 p.m. · 3 views

CVE-2023-0038

The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1 CVSS · 6.5 AI score · 0.00755 EPSS
Exploits 1 · References 2
Prion
added 2023/01/03 2:15 p.m. · 19 views

Cross site scripting

The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8 CVSS · 5.8 AI score · 0.00755 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/01/03 12:0 a.m. · 9 views

PT-2023-15964 · WordPress · Survey Maker

Name of the Vulnerable Software and Affected Versions: Survey Maker – Best WordPress Survey Plugin versions up to, and including, 3.1.3 Description: The issue is related to Stored Cross-Site Scripting via survey answers due to insufficient input sanitization and output escaping. This allows...

7.2 CVSS · 5.9 AI score · 0.00755 EPSS
Exploits 1 · References 7
NVD
added 2019/08/14 3:15 p.m. · 28 views

CVE-2019-15025

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

9.8 CVSS · 10 AI score · 0.01779 EPSS
Exploits 0 · References 1
Prion
added 2019/08/14 3:15 p.m. · 15 views

Sql injection

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

7.5 CVSS · 9.9 AI score · 0.01779 EPSS
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2019/01/10 12:0 a.m. · 13 views

Ninja Forms <= 3.3.21 - XSS and SQLi

Reflected XSS vulnerability in the administrative dashboard. Blind SQL injection vulnerability in the search filter on the submissions page...

1.8 AI score
Exploits 0 · Affected Software 1