Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2020-11056
In Sprout Forms prior to 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.
Barrelstrengthdesign Sprout Forms
516
VMScore
CVE-2019-2886
Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Forms. Successful ...
Oracle Forms 12.2.1.3.0
NA
CVE-2022-2903
The Ninja Forms Contact Form WordPress plugin prior to 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
Ninjaforms Ninja Forms
383
VMScore
CVE-2020-12462
The ninja-forms plugin prior to 3.4.24.2 for WordPress allows CSRF with resultant XSS.
Ninjaforms Ninja Forms
516
VMScore
CVE-2018-19796
An open redirect in the Ninja Forms plugin prior to 3.3.19.1 for WordPress allows Remote malicious users to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter.
Ninjaforms Ninja Forms
312
VMScore
CVE-2021-25066
The Ninja Forms Contact Form WordPress plugin prior to 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Ninjaforms Ninja Forms
NA
CVE-2023-28782
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a up to and including 2.7.3.
Gravityforms Gravity Forms
NA
CVE-2023-2563
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthen...
Cimatti Contact Forms
NA
CVE-2023-50836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.This issue affects HTML Forms: from n/a up to and including 1.3.28.
Ibericode Html Forms
NA
CVE-2023-50838
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and m...
Basixonline Nex-forms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »