Contact Form Widget Security Vulnerabilities


CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10 CVSS

9.7 AI Score

0.001 EPSS

2024-06-25 04:15 AM
39

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through...

5.3 CVSS

5.4 AI Score

0.0005 EPSS

2024-06-10 05:16 PM
28

CVE-2024-34754

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget. This issue affects Contact Form Widget: from n/a through...

5.3 CVSS

7 AI Score

0.0004 EPSS

2024-06-03 11:15 AM
29

CVE-2024-4486

The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-23 02:15 AM
24

CVE-2023-52214

Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder. This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2024-03-26 01:15 PM
32

CVE-2023-46075

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-10-26 01:15 PM
23

CVE-2023-0484

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF...

4.3 CVSS

4.6 AI Score

0.001 EPSS

2023-03-27 04:15 PM
25

CVE-2022-47166

Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.1.1...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-03-13 10:15 AM
14

CVE-2019-17072

The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via...

9.8 CVSS

9.9 AI Score

0.002 EPSS

2019-10-10 12:10 PM
47