The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_fi
The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_c
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all
The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack
The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack
The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 v
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and inclu
The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input s
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a th
The Everest Forms WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack
The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitiz
The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient in
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accept
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the `update_wp_memory_constants()` method. This is due to insufficient in
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomify_api_key' parameter in versions up to and including 0.3.6. This is due
The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() functio
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only de
The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to insufficie
Page 1+ Next →