The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_set
The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied par
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on
The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied para
The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, and
The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions u
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of
The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient inpu
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and
The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_export' function in all versions up to, and including,
The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortcode in all versions up to, and including, 5.5.63 due to insufficient input saniti
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name'
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints i
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to
The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes it
The Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, an
The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authoriza
The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all ve
Page 1+ Next →