📦 Wpforms

This vulnerability in the WPForms WordPress plugin allows authenticated users with Subscriber-level access or higher to refund payments and cancel subscriptions without proper authorization. It affect...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using WPForms Pro plugin. When users visit pages containing these injected forms, the scripts execu...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious JavaScript into WPForms plugin pages. The injected scripts execute whenever other us...

This CVE describes a missing authorization vulnerability in WPForms Contact Form plugin that allows attackers to bypass access controls and perform unauthorized actions. It affects all WordPress sites...

This vulnerability in the WPForms WordPress plugin allows administrators to inject malicious scripts into plugin settings, which then execute in other users' browsers. It affects WordPress sites using...