Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0560
PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote malicious users to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, ...
Contact Forms Cforms
4.3
CVSSv3
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin prior to 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already est...
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2021-24516
The PlanSo Forms WordPress plugin up to and including 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Sto...
Planso Planso Forms
8.8
CVSSv3
CVE-2019-5924
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and previous versions allows remote malicious users to hijack the authentication of administrators via a specially crafted page.
Rednao Smart Forms
4.8
CVSSv3
CVE-2023-51695
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS.This issue affects Everest Forms – B...
Wpeverest Everest Forms
5.4
CVSSv3
CVE-2023-0439
The NEX-Forms WordPress plugin prior to 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower role...
Basixonline Nex-forms
NA
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin prior to 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.
Ninjaforms Ninja Forms
8.8
CVSSv3
CVE-2023-2877
The Formidable Forms WordPress plugin prior to 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions ...
Strategy11 Formidable Forms
1 Github repository
9.8
CVSSv3
CVE-2023-28782
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a up to and including 2.7.3.
Gravityforms Gravity Forms
5.4
CVSSv3
CVE-2022-36791
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress.
Awesome Torro Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »