cleantalk
Vulnerabilities and Security Researches

Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms, CVE-2023-0096

CVE, Research URL

CVE-2023-0096

Home page URL

Security reports for Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms

Application

Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms

Published on
Feb 07, 2023
Research Description
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
max 1.22.0.
Status
vulnerable
Previous vulnerability researches
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms (CVE-2024-44063) , Sep 02, 2024
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms (CVE-2024-10054) , May 17, 2025
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms (CVE-2026-49768) , Jun 10, 2026
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms (CVE-2024-23521) , Jun 10, 2024
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms (CVE-2023-48752) , Jun 06, 2024
New vulnerability
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2026-48966) , Jun 10, 2026
Geo Mashup (CVE-2026-48967) , Jun 10, 2026
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms (CVE-2026-49109) , Jun 10, 2026
WP-Paginate (CVE-2021-47982) , Jun 10, 2026
Welcart e-Commerce (CVE-2026-49775) , Jun 10, 2026