CVE-2026-42742 WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...

PT-2026-40009

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...

Design/Logic Flaw

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-0370

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-0373

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'saveview' function. This makes it possible for...

CVE-2024-0373

The CVE-2024-0373 entry concerns the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend, vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the save_view function. Affected versions are all up to and including 3.2.2. The...

CVE-2024-0371

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-0370

The CVE-2024-0370 entry affects Views for WPForms – Display & Edit WPForms Entries on your site frontend (WordPress), vulnerable versions up to and including 3.2.2. The root cause is a missing authorization check in the save_view function, enabling authenticated users with subscriber access and a...

CVE-2024-0374

CVE-2024-0374 affects the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend. The issue is CSRF due to missing/incorrect nonce validation in the create_view function, allowing unauthenticated attackers to create views via a forged request if they trick an ad...

CVE-2024-0372 Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-0372

CVE-2024-0372 affects the WordPress plugin Views for WPForms Lite up to version 3.2.2, with a missing authorization check in get_form_fields that allows authenticated users with subscriber+ role to create or view form data. The issue is rooted in an improper permission check for the get_form_fiel...

CVE-2024-0372 Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

PT-2024-15505 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Views for WPForms < 3.2.3 - Missing Authorization via create_view

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for...