PT-2026-21052

Name of the Vulnerable Software and Affected Versions WPForms Google Sheet Connector versions through 4.0.1 Description A code injection issue exists in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms. The issue involves improper control of code generation, potentially allowing...

PT-2026-21091

Name of the Vulnerable Software and Affected Versions PDF for WPForms versions through 6.3.0 Description A missing authorization issue exists in PDF for WPForms, allowing exploitation due to incorrectly configured access control security levels. The issue is present in add-ons.org PDF for WPForms...

WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PDF for WPForms versions = 6.3.0...

WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via create_view vulnerability

Cross-Site Request Forgery via createview vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...

WordPress Views for WPForms plugin <= 3.2.2 - Cross-Site Request Forgery via save_view vulnerability

Cross-Site Request Forgery via saveview vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via get_form_fields vulnerability

Missing Authorization via getformfields vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...

WordPress Views for WPForms plugin <= 3.2.2 - Missing Authorization via create_view vulnerability

Missing Authorization via createview vulnerability discovered by Francesco Carlucci in WordPress Plugin Views for WPForms versions = 3.2.2...

Security vulnerabilities in the WordPress plugin database for Contact Form 7, WPforms, and Elementor Forms

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVE-2020-36919 WPForms 1.7.8 - Cross-Site Scripting (XSS)

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser...

CVE-2020-36919 WPForms 1.7.8 - Cross-Site Scripting (XSS)

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser...

CVE-2020-36919

WPForms 1.7.8 is affected by a cross-site scripting (XSS) vulnerability in the slider import search feature and the tab parameter. The issue can be triggered via the ListTable.php endpoint, where an attacker can inject arbitrary JavaScript to run in a victim’s browser. The vulnerable parameter is...

CVE-2023-31095

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8...

CVE-2025-60082

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.5.0...

CVE-2025-60082

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.5.0...

CVE-2025-60082 WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.5.0...

CVE-2025-60082

CVE-2025-60082 affects the WordPress PDF for WPForms plugin (PDF-for-WPForms) with deserialization of untrusted data leading to possible object injection. Affected version Range: from n/a through

CVE-2025-60082 WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.5.0...

WordPress plugin PDF for WPForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-52140

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.3.1...

CVE-2025-67570

Missing Authorization vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.0...