Infusionsoft Gravity Forms Security Vulnerabilities and Issues — Infusionsoft Gravity Forms CVE List

Lucene search

Infusionsoft Gravity Forms ProjectInfusionsoft Gravity Forms

4 matches found

CVE•added 2021/08/09 10:15 a.m.•48 views

CVE-2021-24505

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.

5.4CVSS5.2AI score0.00208EPSS

CVE•added 2025/01/17 10:15 a.m.•48 views

CVE-2024-13378

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_settings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

5.4CVSS5.2AI score0.00128EPSS

CVE•added 2025/01/17 10:15 a.m.•45 views

CVE-2024-13377

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2CVSS6.2AI score0.00206EPSS

CVE•added 2014/09/26 9:55 p.m.•41 views

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.

7.5CVSS7.7AI score0.80814EPSS