rocketgenius 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk ssrf, and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-13845 | The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | [email protected] | 5.5 | 0.16% | 2025-05-01 | 2025-05-19 |
| CVE-2020-27852 | A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | [email protected] | 5.4 | 0.61% | 2021-01-20 | 2024-11-21 |
| CVE-2020-27851 | Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | [email protected] | 5.4 | 0.61% | 2021-01-20 | 2024-11-21 |
| CVE-2020-27850 | A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). | [email protected] | 4.8 | 0.62% | 2021-01-20 | 2024-11-21 |
| CVE-2020-13764 | common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. | [email protected] | 7.5 | 1.83% | 2020-06-02 | 2024-11-21 |