Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2024-0660
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the up...
Strategy11 Formidable Forms
9.8
CVSSv3
CVE-2024-0685
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the u...
Ninjaforms Ninja Forms
6.1
CVSSv3
CVE-2023-27613
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions.
Monitorclick Forms Ada
4.8
CVSSv3
CVE-2023-35095
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions.
Flothemes Flo Forms
4.8
CVSSv3
CVE-2023-50836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a up to and including 1.3.28.
Ibericode Html Forms
7.2
CVSSv3
CVE-2023-50838
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and m...
Basixonline Nex-forms
5.4
CVSSv3
CVE-2023-50891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a up to and including ...
Zohocorp Zoho Forms
6.1
CVSSv3
CVE-2023-26091
The frp_form_answers (aka Forms Export) extension prior to 3.1.2, and 4.x prior to 4.0.2, for TYPO3 allows XSS via saved emails.
Frappant Forms Export
6.1
CVSSv3
CVE-2023-1835
The Ninja Forms Contact Form WordPress plugin prior to 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ninjaforms Ninja Forms
4.8
CVSSv3
CVE-2023-5530
The Ninja Forms Contact Form WordPress plugin prior to 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are alr...
Ninjaforms Ninja Forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »