VYPR

Weforms

by Boldgrid

Source repositories

CVEs (3)

  • CVE-2026-32484HigMar 25, 2026
    risk 0.50cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26.

  • CVE-2026-2707MedMar 11, 2026
    risk 0.35cvss 6.4epss 0.00

    The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When…

  • CVE-2025-69028MedDec 30, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.