Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a up to and including ...
Zohocorp Zoho Forms
7.5
CVSSv2
CVE-2016-1209
The Ninja Forms plugin prior to 2.9.42.1 for WordPress allows remote malicious users to conduct PHP object injection attacks via crafted serialized values in a POST request.
Ninjaforms Ninja Forms
1 EDB exploit
3 Github repositories
6.4
CVSSv2
CVE-2018-20981
The ninja-forms plugin prior to 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
Ninjaforms Ninja Forms
7.5
CVSSv2
CVE-2019-13575
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress up to and including 1.4.9. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system via includes/evf-entry-functi...
Wpeverest Everest Forms
NA
CVE-2020-36712
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthentica...
Kaliforms Kali Forms
NA
CVE-2020-36717
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated malicious users to access the plugin&...
Kaliforms Kali Forms
NA
CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated malicious user to change (or delete) the ...
Kaliforms Kali Forms
3.5
CVSSv2
CVE-2021-24705
The NEX-Forms WordPress plugin prior to 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow malicious users to make a logged in admin edit arbitrary fo...
Basixonline Nex-forms
3.5
CVSSv2
CVE-2021-24744
The WordPress Contact Forms by Cimatti WordPress plugin prior to 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
Cimatti Contact Forms
3.5
CVSSv2
CVE-2021-24896
The Caldera Forms WordPress plugin prior to 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Calderaforms Caldera Forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »