CVE-2026-5111 - Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater
CVE ID :CVE-2026-5111 Published : May 2, 2026, 5:29 a.m. | 37 minutes ago Description :The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] I built an image compressor that never sees your images published
- [CYBER] CVE-2026-31431 (Copy Fail) PHP PoC
- [CYBER] Trellix Confirms Source Code Breach With Unauthorized Repository Access
- [CYBER] Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram
- [CYBER] CVE-2026-5110 - Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater
- [CYBER] CVE-2026-7647 - Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection