104 matches found
PT-2026-24579
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...
CVE-2023-50896
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through 1.6.17...
CVE-2025-69028
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects weForms: from n/a through <= 1.6.25...
EUVD-2025-205716
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects weForms: from n/a through <= 1.6.25...
CVE-2025-69028
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects weForms: from n/a through <= 1.6.25...
CVE-2025-69028 WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects weForms: from n/a through <= 1.6.25...
CVE-2025-69028
CVE-2025-69028: The WordPress plugin weForms (and related form plugin ecosystem) contains a missing authorization flaw in versions up to 1.6.25, enabling unauthorized users to access or perform restricted actions due to misconfigured access controls. Public disclosures list this as a Missing Aut...
CVE-2025-69028 WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects weForms: from n/a through <= 1.6.25...
WordPress plugin weForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-53909
Name of the Vulnerable Software and Affected Versions: BoldGrid weForms versions through 1.6.25. Description: An authorization issue exists in BoldGrid weForms that allows exploitation due to incorrectly configured access control security levels. Recommendations: Update BoldGrid weForms to a version...
WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin weForms versions <= 1.6.25...
EUVD-2023-56236
Malicious code in bioql PyPI...
EUVD-2024-30314
Malicious code in bioql PyPI...
EUVD-2022-34660
Malicious code in bioql PyPI...
EUVD-2023-55629
Malicious code in bioql PyPI...
EUVD-2024-28432
Malicious code in bioql PyPI...
CVE-2024-32512
Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality. This issue affects weForms: from n/a through 1.6.20...
CVE-2024-30512
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.20...
CVE-2023-51524
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.18...
CVE-2022-2395
The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...