Vulmon
forms project forms vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-7151
Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.
Nex-forms Lite Project Nex-forms Lite 2.1.0
NA
CVE-2022-3154
The Woo Billingo Plus WordPress plugin prior to 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin prior to 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin prior to 1.2.7 are lacking CSRF checks in various AJAX actions, which could allo...
Woo Billingo Plus Project Woo Billingo Plus
Integration For Billingo & Gravity Forms Project Integration For Billingo & Gravity Forms
Integration For Szamlazz.hu & Gravity Forms Project Integration For Szamlazz.hu & Gravity Forms
NA
CVE-2022-40191
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
Contact Form By Mega Forms Project Contact Form By Mega Forms
7.5
CVSSv2
CVE-2014-4972
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and previous versions for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-c...
Ajax Upload For Gravity Forms Project Ajax Upload For Gravity Forms
7.5
CVSSv2
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin prior to 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
Nex-forms - Ultimate Form Builder Project Nex-forms - Ultimate Form Builder
7.5
CVSSv2
CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
Aviary Image Editor Add-on For Gravity Forms Project Aviary Image Editor Add-on For Gravity Forms
1 EDB exploit
NA
CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) prior to 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.
Php Curl Class Project Php Curl Class
Ht Slider Range For Amazon Affiliates Project Ht Slider Range For Amazon Affiliates
Qiwi Woo-qiwi-payment-gateway
Teamleade Teamleader Crm Forms
Ptwooplugins Invoicing With Invoicexpress For Woocommerce
Shopello Api Project Shopello Api
10
CVSSv2
CVE-2013-4610
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap prior to 5.0.3 and 5.1.x prior to 5.1.2 has unknown impact and remote attack vectors.
Project-redcap Redcap 5.0.0
Project-redcap Redcap 4.14.5
Project-redcap Redcap 4.15.1
Project-redcap Redcap 4.15.3
Project-redcap Redcap 5.1.1
Project-redcap Redcap 4.15.4
Project-redcap Redcap 4.13.18
Project-redcap Redcap 5.0.6
Project-redcap Redcap 5.1.0
Vanderbilt Redcap 4.14.4
Vanderbilt Redcap 4.14.3
Vanderbilt Redcap 4.14.2
Vanderbilt Redcap 4.14.1
Vanderbilt Redcap 4.14.0
Project-redcap Redcap 5.0.1
Project-redcap Redcap 4.14.6
Project-redcap Redcap 4.15.0
Project-redcap Redcap 4.15.2
Vanderbilt Redcap
4.3
CVSSv2
CVE-2022-0830
The FormBuilder WordPress plugin up to and including 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary for...
Formbuilder Project Formbuilder
4.3
CVSSv2
CVE-2020-36190
RailsAdmin (aka rails_admin) prior to 1.4.3 and 2.x prior to 2.0.2 allows XSS via nested forms.
Rails Admin Project Rails Admin