CVE-2025-67570 WordPress WPForms Google Sheet Connector plugin <= 4.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.0...

EUVD-2020-2838

Malware in sbrugna...

EUVD-2025-14199

Malicious code in bioql PyPI...

EUVD-2024-50983

Malicious code in bioql PyPI...

EUVD-2024-33189

Malicious code in bioql PyPI...

EUVD-2024-34017

Malicious code in bioql PyPI...

EUVD-2024-16170

Malicious code in bioql PyPI...

EUVD-2024-16166

Malicious code in bioql PyPI...

EUVD-2024-32867

Malicious code in bioql PyPI...

EUVD-2023-33825

Malicious code in bioql PyPI...

CVE-2025-10647

The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxhandlerdownloadpdfmedia function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-10647

The CVE-2025-10647 entry refers to the WordPress plugin Embed PDF for WPForms. Affected versions are

WordPress Embed PDF for WPForms plugin <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by theviper17y in WordPress Plugin Embed PDF for WPForms versions = 1.1.5...

CVE-2025-58620

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Stored XSS.This issue affects PDF for WPForms: from n/a through = 6.2.1...

CVE-2025-7697

The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...

CVE-2024-0372

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-12593

The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdfdotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-10016

The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVE-2024-11223

The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-0374

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'createview' function. This makes it possible for...