Product
medium
advisory
Gravity Forms Plugin Stored XSS Vulnerability (CVE-2026-5113)
2 rules 2 TTPs 1 CVEThe Gravity Forms plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via Consent field hidden inputs, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the entries list page.
Gravity Forms plugin <= 2.10.0
xss
wordpress
gravityforms
cve-2026-5113
stored-xss
2r
2t
1c
medium
advisory
Gravity Forms Plugin Unauthenticated Stored XSS Vulnerability
2 rules 1 TTP 1 CVEThe Gravity Forms plugin for WordPress is vulnerable to unauthenticated stored cross-site scripting (XSS) in versions up to 2.10.0, allowing attackers to inject arbitrary JavaScript code into the product name field within repeater fields, which executes when an administrator views the affected entry.
Gravity Forms plugin <= 2.10.0
xss
wordpress
gravityforms
2r
1t
1c