20 matches found
EUVD-2025-2975
Malicious code in bioql PyPI...
CVE-2025-22761
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Olaf Lederer Ajax Contact Form fws-ajax-contact-form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through = 1.4.1...
CVE-2024-5808
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2025-22761
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Olaf Lederer Ajax Contact Form fws-ajax-contact-form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through = 1.4.1...
CVE-2025-22761 WordPress Ajax Contact Form plugin <= 1.4.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Olaf Lederer Ajax Contact Form fws-ajax-contact-form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through = 1.4.1...
CVE-2025-22761 WordPress Ajax Contact Form plugin <= 1.2.5.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Olaf Lederer Ajax Contact Form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through 1.2.5.1...
WordPress plugin Ajax Contact Form 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress Ajax Contact Form plugin <= 1.4.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by l8BL Patchstack Alliance in WordPress Plugin Ajax Contact Form versions = 1.4.1...
WordPress WP Ajax Contact Form plugin <= 2.2.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Bob Matyas in WordPress Plugin WP Ajax Contact Form versions = 2.2.2...
CVE-2024-5809
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users...
CVE-2024-5808
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2024-5809 WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users...
CVE-2024-5809
CVE-2024-5809 affects the WordPress plugin WP Ajax Contact Form (versions up to and including 2.2.2). The issue is a Reflected Cross-Site Scripting caused by not sanitising/escaping a parameter before echoing it in the page, potentially targeting admin users. Public details confirm the vulnerabil...
CVE-2024-5808
CVE-2024-5808 affects the WP Ajax Contact Form WordPress plugin up to version 2.2.2. The vulnerability is due to missing CSRF protection when deleting emails from the email list, potentially allowing a logged-in admin to be coerced into performing deletion via CSRF. Technical details across conne...
PT-2024-37171 · WordPress · Wp Ajax Contact Form
Name of the Vulnerable Software and Affected Versions: WP Ajax Contact Form WordPress plugin versions 2.2.2 and earlier Description: The issue concerns a lack of CSRF check when deleting emails from the email list. This could allow attackers to make a logged-in admin perform such an action via a...
PT-2024-37172 · WordPress · Wp Ajax Contact Form
Name of the Vulnerable Software and Affected Versions: WP Ajax Contact Form WordPress plugin versions 2.2.2 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in...
WordPress plugin WP Ajax Contact Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
WordPress WP Ajax Contact Form Plugin <= 2.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Ajax Contact Form Type Plugin Vulnerable versions = 2.2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5808 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1a37a94a7ce4 Credits Bob Matyas Requir...
WordPress plugin WP Ajax Contact Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
WordPress WP Ajax Contact Form Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)
Software WP Ajax Contact Form Type Plugin Vulnerable versions = 2.2.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5809 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d1bf246662eb Credits Bob Matyas...