Happyforms

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-49768	WordPress Happyforms	Cri	0.64	9.8	—	Jun 15, 2026	Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
CVE-2023-48752	Happyforms Happyforms	Hig	0.46	7.1	0.00	Nov 30, 2023	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in…
CVE-2024-10054	Happyforms Happyforms		0.00	—	0.00	May 15, 2025	The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
CVE-2023-0096	WordPress Happyforms		0.00	—	0.00	Feb 6, 2023	The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2026-49768CriJun 15, 2026
WordPress
Happyforms
risk 0.64cvss 9.8epss —
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
CVE-2023-48752HigNov 30, 2023
Happyforms
Happyforms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Happyforms Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms allows Reflected XSS.This issue affects Form builder to get in…
CVE-2024-10054May 15, 2025
Happyforms
Happyforms
risk 0.00cvss —epss 0.00
The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
CVE-2023-0096Feb 6, 2023
WordPress
Happyforms
risk 0.00cvss —epss 0.00
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.