Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-7151
Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.
Nex-forms Lite Project Nex-forms Lite 2.1.0
NA
CVE-2022-3154
The Woo Billingo Plus WordPress plugin prior to 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin prior to 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin prior to 1.2.7 are lacking CSRF checks in various AJAX actions, which could allo...
Woo Billingo Plus Project Woo Billingo Plus
Integration For Billingo \\& Gravity Forms Project Integration For Billingo \\& Gravity Forms
Integration For Szamlazz.hu \\& Gravity Forms Project Integration For Szamlazz.hu \\& Gravity Forms
312
VMScore
CVE-2014-6169
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777.
Ibm Forms Experience Builder 8.5
Ibm Forms Experience Builder 8.5.1
668
VMScore
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin prior to 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
Nex-forms - Ultimate Form Builder Project Nex-forms - Ultimate Form Builder
668
VMScore
CVE-2014-4972
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and previous versions for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-c...
Ajax Upload For Gravity Forms Project Ajax Upload For Gravity Forms
NA
CVE-2022-40191
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
Contact Form By Mega Forms Project Contact Form By Mega Forms
535
VMScore
CVE-2020-9732
The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in...
Adobe Experience Manager
Adobe Experience Manager Forms 6.4.8.1
Adobe Experience Manager Forms 6.5.5.0
445
VMScore
CVE-2020-9733
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
Adobe Experience Manager
Adobe Experience Manager Forms 6.4.8.1
Adobe Experience Manager Forms 6.5.5.0
312
VMScore
CVE-2021-24505
The Forms WordPress plugin prior to 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.
Madeit Forms
828
VMScore
CVE-2021-37334
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been...
Umbraco Forms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »