Tag

Gravityforms

3 briefs RSS

Gravity Forms Plugin Stored XSS Vulnerability (CVE-2026-5113)

The Gravity Forms plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via Consent field hidden inputs, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the entries list page.

Gravity Forms plugin <= 2.10.0 xss wordpress gravityforms cve-2026-5113 stored-xss

2r 2t 1c 2d ago

medium advisory

Gravity Forms Plugin Unauthenticated Stored XSS Vulnerability

2 rules 1 TTP 1 CVE

The Gravity Forms plugin for WordPress is vulnerable to unauthenticated stored cross-site scripting (XSS) in versions up to 2.10.0, allowing attackers to inject arbitrary JavaScript code into the product name field within repeater fields, which executes when an administrator views the affected entry.

Gravity Forms plugin <= 2.10.0 xss wordpress gravityforms

2r 1t 1c Jan 3, 2024

medium advisory

Gravity Forms Plugin Unauthenticated Stored XSS Vulnerability

2 rules 1 CVE

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS) in versions up to and including 2.10.0, allowing unauthenticated attackers to inject arbitrary web scripts via form submissions that execute when an administrator views the entry detail page.

Gravity Forms plugin xss wordpress gravityforms

2r 1c Jan 3, 2024