Lucene search
K

65 matches found

NVD
NVD
added 9 hours ago2 views

CVE-2026-57708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS
Exploits0References1
CVE
CVE
added 10 hours ago5 views

CVE-2026-57708

Affected product/versions: WordPress WordPress plugin “Contact Form Entries” (contact-form-entries)

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 10 hours ago3 views

CVE-2026-57708 WordPress Contact Form Entries plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS
Exploits0References1
Nuclei
Nuclei
added 14 hours ago49 views

Contact Form Entries < 1.2.4 - Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page id: CVE-2021-25079 info: name: Contact Form Entries 1.2.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The...

6.1CVSS6.4AI score0.0682EPSS
Exploits4References4
Patchstack
Patchstack
added 3 days ago4 views

WordPress Contact Form Entries plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.2...

7.1CVSS6.1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 11:5 a.m.6 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability

Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions = 1.5.1...

6.5CVSS5.8AI score0.00372EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/02 9:32 a.m.8 views

EUVD-2026-41273

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-54951

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...

6.5CVSS6AI score0.00372EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51671

Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/22 9:21 a.m.9 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability

Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...

8.1CVSS5.9AI score0.00662EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/06 7:29 a.m.10 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability

Unauthenticated PHP Object Injection via 'downloadcsv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions = 1.4.7...

9.8CVSS5.8AI score0.00519EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:37 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability

Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability discovered by Teerachai Somprasong in WordPress Plugin Contact Form Entries versions = 1.4.5...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability

Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin Contact Form Entries versions = 1.4.3...

9.8CVSS5.9AI score0.01589EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-37474

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00397EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-42967

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00428EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:56 a.m.8 views

CVE-2023-33311

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...

6.5CVSS5.6AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:10 p.m.6 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...

7.8CVSS6.7AI score0.00428EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/05 5:16 a.m.5 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.7AI score0.01219EPSS
Exploits0References1
NVD
NVD
added 2024/05/02 5:15 p.m.22 views

CVE-2024-3585

The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...

5.3CVSS5AI score0.00691EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/23 2:57 a.m.4 views

WordPress Contact Form Entries plugin <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin Contact Form Entries versions = 1.3.8...

7.2CVSS5.8AI score0.00636EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder