Lucene search

K

WordPress Page Contact Security Vulnerabilities

cve
cve

CVE-2024-2108

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes...

4.6CVSS

7.7AI Score

0.0004EPSS

2024-03-29 07:15 AM
31
cve
cve

CVE-2024-1668

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents.....

6.5CVSS

6.4AI Score

0.0004EPSS

2024-03-13 04:15 PM
44
cve
cve

CVE-2024-0618

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes.....

4.8CVSS

5.3AI Score

0.001EPSS

2024-01-27 06:15 AM
52
cve
cve

CVE-2023-6828

The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping....

7.2CVSS

5.9AI Score

0.001EPSS

2024-01-11 09:15 AM
51
cve
cve

CVE-2023-50896

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms – Easy Drag & Drop Contact Form Builder For WordPress: from n/a through...

5.9CVSS

5.4AI Score

0.0004EPSS

2023-12-29 11:15 AM
43
cve
cve

CVE-2023-5125

The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS

5.2AI Score

0.0004EPSS

2023-09-23 05:15 AM
69
cve
cve

CVE-2023-0710

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level...

5.4CVSS

5.7AI Score

0.001EPSS

2023-06-09 06:15 AM
14
cve
cve

CVE-2023-0708

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to...

5.4CVSS

5.7AI Score

0.001EPSS

2023-06-09 06:15 AM
13
cve
cve

CVE-2023-0709

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to...

5.4CVSS

5.7AI Score

0.001EPSS

2023-06-09 06:15 AM
13
cve
cve

CVE-2023-2735

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS

5.2AI Score

0.002EPSS

2023-05-20 03:15 AM
22
cve
cve

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS

5.7AI Score

0.002EPSS

2023-03-02 07:15 PM
72
cve
cve

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....

9.8CVSS

9.4AI Score

0.004EPSS

2022-02-21 11:15 AM
132
2
cve
cve

CVE-2021-24403

The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as...

7.2CVSS

7.2AI Score

0.001EPSS

2021-09-20 10:15 AM
19