104 matches found
CVE-2026-32484
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-2707
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
EUVD-2026-15828
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-32484
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-32484 WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-32484 WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-32484
CVE-2026-32484 affects WordPress BoldGrid weForms plugin (versions n/a through 1.6.26). The vulnerability is due to deserialization of untrusted data, enabling PHP object injection in weForms. CVSS 3.1 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and privileges require...
CVE-2026-32484
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
PT-2026-28000
Name of the Vulnerable Software and Affected Versions BoldGrid weForms versions n/a through 1.6.26 Description An issue exists in BoldGrid weForms that allows for object injection due to deserialization of untrusted data. This impacts the application’s ability to securely handle data, potentially...
WordPress plugin weforms 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin weForms versions = 1.6.26...
WordPress weForms plugin <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability discovered by Muhammad Sharief in WordPress Plugin weForms versions = 1.6.27...
EUVD-2026-11099
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
CVE-2026-2707
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
CVE-2026-2707
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
CVE-2026-2707
CVE-2026-2707 affects the WordPress weForms plugin (all versions up to 1.6.27). The issue is a Stored Cross-Site Scripting flaw via the REST API entry submission endpoint (/wp-json/weforms/v1/forms/{id}/entries/). The root cause is inconsistent input sanitization between the frontend AJAX handler...
CVE-2026-2707 weForms <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
CVE-2026-2707 weForms <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
EUVD-2026-11100
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
WordPress plugin weForms 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...