Lucene search

6 matches found

Patchstack
added 2026/04/08 7:48 a.m. · 3 views

WordPress Gravity Forms plugin <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field vulnerability

Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field vulnerability discovered by tadokun in WordPress Plugin Gravity Forms versions <= 2.9.30...

6.1 CVSS · 5.9 AI score · 0.00037 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2026/04/08 7:39 a.m. · 3 views

WordPress Gravity Forms plugin <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter vulnerability

Reflected Cross-Site Scripting via 'form_ids' Parameter vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin Gravity Forms versions <= 2.9.30...

4.7 CVSS · 5.9 AI score · 0.00043 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2026/04/08 12:16 a.m. · 3 views

CVE-2026-4406

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the form_ids parameter in the gform_get_config AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::send_json method outputting JSON-encoded data wrapped in HTML comment...

4.7 CVSS · 0.00043 EPSS
Exploits 0 · References 6
Cvelist
added 2026/04/07 11:25 p.m. · 18 views

CVE-2026-4406 Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter

The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the form_ids parameter in the gform_get_config AJAX action in all versions up to, and including, 2.9.30. This is due to the GFCommon::send_json method outputting JSON-encoded data wrapped in HTML comment...

4.7 CVSS · 0.00043 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/01/05 12:0 a.m. · 4 views

PT-2024-14437 · Unknown · Wpaffiliatemgr Affiliates Manager

Name of the Vulnerable Software and Affected Versions: wpaffiliatemgr Affiliates Manager versions 2.9.30 and earlier
Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who...

5.3 CVSS · 5.9 AI score · 0.00148 EPSS
Exploits 0 · References 5
Patchstack
added 2023/12/28 12:0 a.m. · 9 views

WordPress Affiliates Manager Plugin <= 2.9.30 is vulnerable to Sensitive Data Exposure

Software: Affiliates Manager · Type: Plugin · Vulnerable versions: <= 2.9.30 · Fixed in: 2.9.31 · OWASP Top 10: A9: Security Logging and Monitoring Failures · Classification: Sensitive Data Exposure · CVE: CVE-2023-52148 · Patch priority: Low · CVSS severity: Low 5.3 · PSID: 6d65e80d0f2d · Credits...

5.3 CVSS · 6.5 AI score · 0.00148 EPSS
Exploits 0 · References 2 · Affected Software 1