Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-24516
The PlanSo Forms WordPress plugin up to and including 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Sto...
Planso Planso Forms
NA
CVE-2021-4367
The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and outpu...
Flothemes Flo Forms
7.5
CVSSv2
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin prior to 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
Ninjaforms Ninja Forms
NA
CVE-2020-36717
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated malicious users to access the plugin&...
Kaliforms Kali Forms
6.4
CVSSv2
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
NA
CVE-2022-3142
The NEX-Forms WordPress plugin prior to 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, howeve...
Basixonline Nex-forms
2 Github repositories
6.8
CVSSv2
CVE-2019-5924
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and previous versions allows remote malicious users to hijack the authentication of administrators via a specially crafted page.
Rednao Smart Forms
4
CVSSv2
CVE-2021-34647
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated malicious users to export all Ninja Fo...
Ninjaforms Ninja Forms
4
CVSSv2
CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated malicious users to send arbitrary emails from the ...
Ninjaforms Ninja Forms
5
CVSSv2
CVE-2021-34675
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for stored PDF reports.
Basixonline Nex-forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »