Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-7151
Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.
Nex-forms Lite Project Nex-forms Lite 2.1.0
NA
CVE-2022-3154
The Woo Billingo Plus WordPress plugin prior to 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin prior to 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin prior to 1.2.7 are lacking CSRF checks in various AJAX actions, which could allo...
Woo Billingo Plus Project Woo Billingo Plus
Integration For Billingo \\& Gravity Forms Project Integration For Billingo \\& Gravity Forms
Integration For Szamlazz.hu \\& Gravity Forms Project Integration For Szamlazz.hu \\& Gravity Forms
3.5
CVSSv2
CVE-2014-6169
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777.
Ibm Forms Experience Builder 8.5
Ibm Forms Experience Builder 8.5.1
NA
CVE-2022-40191
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
Contact Form By Mega Forms Project Contact Form By Mega Forms
7.5
CVSSv2
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin prior to 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
Nex-forms - Ultimate Form Builder Project Nex-forms - Ultimate Form Builder
7.5
CVSSv2
CVE-2014-4972
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and previous versions for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-c...
Ajax Upload For Gravity Forms Project Ajax Upload For Gravity Forms
6
CVSSv2
CVE-2020-9732
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in...
Adobe Experience Manager
Adobe Experience Manager Forms 6.4.8.1
Adobe Experience Manager Forms 6.5.5.0
5
CVSSv2
CVE-2020-9733
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
Adobe Experience Manager
Adobe Experience Manager Forms 6.4.8.1
Adobe Experience Manager Forms 6.5.5.0
9.3
CVSSv2
CVE-2021-37334
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been...
Umbraco Forms
3.5
CVSSv2
CVE-2021-24505
The Forms WordPress plugin prior to 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.
Madeit Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »