Tag
medium
advisory
NEX-Forms WordPress Plugin Vulnerable to Stored Cross-Site Scripting (CVE-2026-5063)
2 rules 1 TTP 1 CVEThe NEX-Forms WordPress plugin is vulnerable to stored XSS via POST parameter key names, allowing unauthenticated attackers to inject arbitrary web scripts.
NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.11
wordpress
xss
stored-xss
cve-2026-5063
2r
1t
1c
medium
advisory
Gravity Forms Plugin Stored XSS Vulnerability (CVE-2026-5113)
2 rules 2 TTPs 1 CVEThe Gravity Forms plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via Consent field hidden inputs, allowing unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the entries list page.
Gravity Forms plugin <= 2.10.0
xss
wordpress
gravityforms
cve-2026-5113
stored-xss
2r
2t
1c
high
advisory
livewire-markdown-editor Arbitrary File Upload Vulnerability
2 rules 1 TTPThe livewire-markdown-editor versions before v1.3 contain an arbitrary file upload vulnerability in the MarkdownEditor::updatedAttachments() Livewire handler, allowing authenticated users to upload any file type, potentially leading to stored XSS, phishing, malware distribution, and markdown injection.
mckenziearts/livewire-markdown-editor +3
arbitrary-file-upload
stored-xss
vulnerability
2r
1t