Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-24444
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated malicious user to gather information...
Adobe Experience Manager Forms Add-on 6.4.8.2
Adobe Experience Manager Forms Add-on 6.5.6.0
4.3
CVSSv2
CVE-2018-19287
XSS in the Ninja Forms plugin prior to 3.3.18 for WordPress allows Remote malicious users to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
Ninjaforma Ninja Forms
1 EDB exploit
NA
CVE-2023-50891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a up to and including ...
Zohocorp Zoho Forms
NA
CVE-2023-51412
Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a up to and including 1.0.25.
Piotnet Piotnet Forms
4
CVSSv2
CVE-2021-34647
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated malicious users to export all Ninja Fo...
Ninjaforms Ninja Forms
5
CVSSv2
CVE-2021-34675
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for stored PDF reports.
Basixonline Nex-forms
6.5
CVSSv2
CVE-2021-24163
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form &nda...
Ninjaforms Ninja Forms
5.8
CVSSv2
CVE-2021-24165
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
Ninjaforms Ninja Forms
6.5
CVSSv2
CVE-2020-11056
In Sprout Forms prior to 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.
Barrelstrengthdesign Sprout Forms
4
CVSSv2
CVE-2020-1779
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x versi...
Otrs Ticket Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »