Vulnerabilities and security researches forviews-for-wpforms-lite views-for-wpforms-lite
Direction: descendingMay 14, 2026
Views for WPForms – Display & Edit WPForms Entries on your site frontend # CVE-2026-42742
- CVE, Research URL
- Home page URL
- Date
- May 12, 2026
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through <= 3.4.6.
- Affected versions
-
max 3.4.6.
- Status
-
vulnerable
Jun 07, 2024
Views for WPForms – Display & Edit WPForms Entries on your site frontend # CVE-2024-0371
- CVE, Research URL
- Home page URL
- Date
- Feb 06, 2024
- Research Description
- The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
- Affected versions
-
max 3.2.3.
- Status
-
vulnerable
Views for WPForms – Display & Edit WPForms Entries on your site frontend # CVE-2024-0374
- CVE, Research URL
- Home page URL
- Date
- Feb 06, 2024
- Research Description
- The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 3.2.3.
- Status
-
vulnerable
Views for WPForms – Display & Edit WPForms Entries on your site frontend # CVE-2024-0372
- CVE, Research URL
- Home page URL
- Date
- Feb 06, 2024
- Research Description
- The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
- Affected versions
-
max 3.2.3.
- Status
-
vulnerable
Views for WPForms – Display & Edit WPForms Entries on your site frontend # CVE-2024-0370
- CVE, Research URL
- Home page URL
- Date
- Feb 06, 2024
- Research Description
- The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
- Affected versions
-
max 3.2.3.
- Status
-
vulnerable
Views for WPForms – Display & Edit WPForms Entries on your site frontend # CVE-2024-0373
- CVE, Research URL
- Home page URL
- Date
- Feb 06, 2024
- Research Description
- The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 3.2.3.
- Status
-
vulnerable