Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

EUVD-2015-6897

Malware in sbrugna...

EUVD-2023-39902

Malicious code in bioql PyPI...

CVE-2023-37988

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions...

CVE-2023-35911

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a throug...

CVE-2015-6965

Multiple cross-site request forgery CSRF vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 create a field, 2 update a field, 3 delete a field, 4 create a form, 5 update a...

CVE-2023-35911

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a throug...

CVE-2023-35911

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a throug...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a throug...

CVE-2023-35911

CVE-2023-35911 concerns SQL Injection in the WordPress plugin Contact Form Generator (Creative form builder) for WordPress, affecting versions up to 2.6.0. The issue is described as Improper Neutralization of Special Elements used in an SQL Command, i.e., an SQL injection vulnerability. Affected ...

CVE-2023-35911 WordPress Contact Form Generator Plugin <= 2.6.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a throug...

PT-2023-25376 · WordPress · Contact Form Generator

Name of the Vulnerable Software and Affected Versions: Contact Form Generator : Creative form builder for WordPress versions prior to 2.6.0 Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allow...

WordPress Plugin Contact Form Generator : Creative form builder for WordPress SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Contact Form Generator :...

WordPress Contact Form Generator Plugin <= 2.7.1 is vulnerable to SQL Injection

Software Contact Form Generator Type Plugin Vulnerable versions = 2.7.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-35911 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID c4dfa47fc5c7 Credits Emili Castells Required privilege Contributo...

WordPress Contact Form Generator 2.5.5 Cross Site Scripting

Exploit Title: WP Plugins Contact Form Generator 2.5.5 - Reflected Cross-Site Scripting Date: 03-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-generator/ Vendor Homepage: https://www.creative-solutions.net/ Version: 2.5.5 Tested on: Windows, Linux CVE:...

CVE-2023-37988

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions...

EUVD-2023-41815

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions...

CVE-2023-37988 WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions...

CVE-2023-37988

The CVE-2023-37988 entry corresponds to the WordPress plugin Contact Form Generator (Creative Solutions) with a reflected XSS flaw in versions

PT-2023-5945 · Creative Solutions · Creative Solutions Contact Form Generator

Name of the Vulnerable Software and Affected Versions: Creative Solutions Contact Form Generator plugin versions = 2.5.5 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability in the Creative Solutions Contact Form Generator plugin. This vulnerability...