← Back

Rocketgenius

rocketgenius

5 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Gravityforms
gravityforms
4 CVEs
Gravity Forms Webhooks
gravity_forms_webhooks
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-13845
1Rocketgenius
1Gravity Forms Webhooks
May 19, 2025
May 1, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for a...Show more
The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less
CVE-2020-27852
1Rocketgenius
1Gravityforms
Nov 21, 2024
Jan 20, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interp...Show more
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).Show less
CVE-2020-27851
1Rocketgenius
1Gravityforms
Nov 21, 2024
Jan 20, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or...Show more
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).Show less
CVE-2020-27850
1Rocketgenius
1Gravityforms
Nov 21, 2024
Jan 20, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code...Show more
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).Show less
CVE-2020-13764
1Rocketgenius
1Gravityforms
Nov 21, 2024
Jun 2, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.