Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-23388
The package forms prior to 1.2.1, from 1.3.0 and prior to 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
Forms Project Forms
1 Github repository
4.3
CVSSv2
CVE-2017-16015
Forms is a library for easily creating HTML forms. Versions prior to 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting
Forms Project Forms
4.3
CVSSv2
CVE-2014-7152
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 up to and including 5.0.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.
Mailchimp Easy Mailchimp Forms Plugin 5.0.6
Mailchimp Easy Mailchimp Forms Plugin 5.0.5
Mailchimp Easy Mailchimp Forms Plugin 5.0.3
Mailchimp Easy Mailchimp Forms Plugin 4.2
Mailchimp Easy Mailchimp Forms Plugin 4.0
Mailchimp Easy Mailchimp Forms Plugin 5.0.1
Mailchimp Easy Mailchimp Forms Plugin 5.0
Mailchimp Easy Mailchimp Forms Plugin 4.4
Mailchimp Easy Mailchimp Forms Plugin 4.3
Mailchimp Easy Mailchimp Forms Plugin 5.0.4
Mailchimp Easy Mailchimp Forms Plugin 5.0.2
Mailchimp Easy Mailchimp Forms Plugin 4.2.1
Mailchimp Easy Mailchimp Forms Plugin 4.1
Mailchimp Easy Mailchimp Forms Plugin 3.0
NA
CVE-2022-0402
The Super Forms - Drag & Drop Form Builder WordPress plugin prior to 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scriptin...
Super-forms Super Forms
4.3
CVSSv2
CVE-2017-1000033
Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user.
Vospari Forms Project Vospari Forms
NA
CVE-2022-3834
The Google Forms WordPress plugin up to and including 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...
Google Forms Project Google Forms
6.8
CVSSv2
CVE-2018-10063
The Convert Forms extension prior to 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.
Convert Forms Project Convert Forms
1 EDB exploit
5
CVSSv2
CVE-2018-20988
The wpgform plugin prior to 0.94 for WordPress has eval injection in the CAPTCHA calculation.
Google Forms Project Google Forms
NA
CVE-2013-10020
A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading ...
A-forms Project A-forms
6.5
CVSSv2
CVE-2021-24892
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) prior to 1.6.9 allows authenticated remote malicious user to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administr...
Advanced Forms Project Advanced Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »