Abhinav Porwal

#12071of 53,633
22.6Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2025-15724
5.9
2025-04-09
Unknown · Youtube Embed · CVE-2025-31008
Name of the Vulnerable Software and Affected Versions: YouTube Embed versions n/a through 5.3.1 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). Specifically, it is a Stored XSS vulnerability in the YouTube Embed Plugin Support, which allows malicious input to be stored and executed. Recommendations: For versions n/a through 5.3.1, update to a version later than 5.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the YouTube Embed Plugin Support until a patch is available.
PT-2025-13561
7.1
2025-03-28
Unknown · Html Forms · CVE-2025-31080
**Name of the Vulnerable Software and Affected Versions** HTML Forms versions 1.5.1 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. This allows for Stored XSS attacks. **Recommendations** For versions 1.5.1 and earlier, update to a version that fixes this issue to prevent Stored XSS attacks. As a temporary workaround, consider restricting user input in HTML Forms to minimize the risk of exploitation.
PT-2022-13963
4.8
2022-05-30
10Web · The Form Maker · CVE-2022-1564
**Name of the Vulnerable Software and Affected Versions** The Form Maker by 10Web WordPress plugin versions prior to 1.14.12 **Description** The issue concerns the lack of proper sanitization and escaping of the Custom Text settings in the plugin. This could allow high-privilege users, such as admins, to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.14.12, update to version 1.14.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the Custom Text settings to minimize the risk of exploitation.
PT-2022-13500
4.8
2022-04-04
WordPress · Profile Builder · CVE-2022-0884
**Name of the Vulnerable Software and Affected Versions** Profile Builder WordPress plugin versions prior to 3.6.8 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape Form Fields titles and descriptions, even when unfiltered html is disallowed. **Recommendations** For versions prior to 3.6.8, update to version 3.6.8 or later to resolve the issue.