CVE-2026-49768
- EPSS 0.38%
- Veröffentlicht 15.06.2026 20:19:24
- Zuletzt bearbeitet 15.06.2026 21:24:32
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
CVE-2024-10054
- EPSS 0.27%
- Veröffentlicht 15.05.2025 20:15:32
- Zuletzt bearbeitet 04.06.2025 20:38:47
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
CVE-2024-44063
- EPSS 0.25%
- Veröffentlicht 15.09.2024 08:15:12
- Zuletzt bearbeitet 27.09.2024 14:31:05
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.
CVE-2024-23521
- EPSS 0.38%
- Veröffentlicht 11.06.2024 16:15:19
- Zuletzt bearbeitet 21.11.2024 08:57:52
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10.
CVE-2023-48752
- EPSS 0.41%
- Veröffentlicht 30.11.2023 17:15:13
- Zuletzt bearbeitet 28.04.2026 19:22:14
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affect...
CVE-2023-0096
- EPSS 0.5%
- Veröffentlicht 06.02.2023 20:15:13
- Zuletzt bearbeitet 25.03.2025 18:15:30
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cr...