Vulmon
forms vulnerabilities and exploits
NA
CVE-2023-2563
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthen...
Cimatti Contact Forms
NA
CVE-2023-6220
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated malicious users ...
Piotnet Piotnet Forms
NA
CVE-2023-45748
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions.
Mailmunch Mailchimp Forms
NA
CVE-2023-2701
The Gravity Forms WordPress plugin prior to 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.
Mediaburst Gravity Forms
NA
CVE-2020-36670
The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including, 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissi...
Basixonline Nex-forms
NA
CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated malicious user to change (or delete) the ...
Kaliforms Kali Forms
5
CVSSv2
CVE-2021-34675
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for stored PDF reports.
Basixonline Nex-forms
5
CVSSv2
CVE-2021-34676
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for Excel report generation.
Basixonline Nex-forms
6.5
CVSSv2
CVE-2021-24889
The Ninja Forms Contact Form WordPress plugin prior to 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injection attacks.
Ninjaforms Ninja Forms
3.5
CVSSv2
CVE-2021-24896
The Caldera Forms WordPress plugin prior to 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Calderaforms Caldera Forms