CVE-2025-30767

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 5.3.0...

CVE-2025-30863

CVE-2025-30863 is a CSRF vulnerability in theIntegration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin. Affected is the plugin “Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms” with versions up to 1.0.9 (inclusive). The issue is a C...

CVE-2025-30767

CVE-2025-30767 affects PDF for WPForms (WordPress) via Missing Authorization, enabling Arbitrary Shortcode Execution in PDF for WPForms plugins

CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 5.3.0...

CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 5.3.0...

WordPress plugin PDF for WPForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by theviper17 in WordPress Plugin PDF for WPForms versions = 5.3.0...

PT-2025-6434 · WordPress · Wpsyncsheets Lite For Wpforms

Name of the Vulnerable Software and Affected Versions: WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress versions up to, and including, 1.6 Description: The issue is related to unauthorized modification of data due to a missing capability check on the wpsslwp...

WordPress plugin WPSyncSheets Lite For WPForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Kévin Mosbahi Mika in WordPress Plugin WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon versions = 1.6...

WordPress WPForms Contact Form Plugin <= 1.8.7.2 Unauthenticated Data Manipulation Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpforms:contactform"; ifdescription...

CVE-2024-13403

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...

CVE-2025-24708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS.This issue affects WP Dynamics CRM for Contact Form 7, WPForms,...

WordPress WPForms Lite plugin <= 1.9.3.1 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpforms:contactform"; if description...

CVE-2024-11205

The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2024-13403

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...

CVE-2024-13403 WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...

CVE-2024-13403

CVE-2024-13403 affects WPForms Lite for WordPress (versions up to and including 1.9.3.1). The vulnerability is a stored cross-site scripting flaw in the fieldHTML parameter caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated user with Contributor-...

CVE-2024-13403 WPForms Lite <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...

WordPress plugin WPForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...