Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49841
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordP...
Fancythemes Optin Forms
NA
CVE-2023-52120
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a up to and including 8.5.2.
Basixonline Nex-forms
NA
CVE-2023-50836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a up to and including 1.3.28.
Ibericode Html Forms
NA
CVE-2023-50838
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and m...
Basixonline Nex-forms
578
VMScore
CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form &nda...
Ninjaforms Ninja Forms
516
VMScore
CVE-2021-24166
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin prior to 3.4.34 had no nonce protection making it possible for malicious users to craft a request to disconnect a site's OAuth connection.
Ninjaforms Ninja Forms
605
VMScore
CVE-2008-0560
PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote malicious users to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, ...
Contact Forms Cforms
445
VMScore
CVE-2021-34675
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for stored PDF reports.
Basixonline Nex-forms
445
VMScore
CVE-2021-34676
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for Excel report generation.
Basixonline Nex-forms
383
VMScore
CVE-2021-24907
The Contact Form, Drag and Drop Form Builder for WordPress plugin prior to 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Wpeverest Everest Forms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »