CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure
The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the getmainqueryargs function due to insufficient restrictions on which posts can be included. This makes it possib...
CVE-2025-13717
The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...
CVE-2025-13717 Contact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter
The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...
CVE-2022-0248
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the maliciou...
PT-2026-1709
Name of the Vulnerable Software and Affected Versions: Contact Form vCard Generator versions up to and including 2.4. Description: The Contact Form vCard Generator plugin for WordPress has a flaw where a missing capability check on the wp gvccf check download request function allows unauthorized...
EUVD-2021-11039
Malware in sbrugna...
CVE-2024-3585
The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...
CVE-2021-24125
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7contactform GET parameter when submitting a filter request as a high-privilege user admin+...
CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler
sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...
WordPress SimpleForm Contact Form Submissions plugin <= 2.1.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin SimpleForm Contact Form Submissions versions <= 2.1.0...
CVE-2022-0248
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the maliciou...
Cross site scripting
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the maliciou...
CVE-2022-0248
CVE-2022-0248 affects the WordPress plugin Contact Form Submissions prior to v1.7.3. The root cause is failure to sanitize/escape additional fields in contact form submissions, allowing unauthenticated attackers to trigger Cross-Site Scripting (XSS) when admins view a malicious submission. Pu...
WordPress plugin Contact Form Submissions cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Contact Form Submissions plugin prior to 1.7.3, which stems from...
WordPress Contact Form Submissions plugin <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yoru Oni in WordPress Contact Form Submissions plugin versions <= 1.7.2. Solution: Update the WordPress Contact Form Submissions plugin to the latest available version (at least 1.7.3)...
CVE-2021-24125
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7contactform GET parameter when submitting a filter request as a high-privilege user admin+...
CVE-2021-24125
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7contactform GET parameter when submitting a filter request as a high-privilege user admin+...
CVE-2021-24125 Contact Form Submissions < 1.7.1 - Authenticated SQL Injection
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7contactform GET parameter when submitting a filter request as a high-privilege user admin+...
WordPress SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Contact Form Submissions plugin 1.6.4 and before,...
WordPress Contact Form Submissions plugin <= 1.7 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Sun research team in WordPress Contact Form Submissions plugin versions <= 1.7. Solution: Update the WordPress Contact Form Submissions plugin to the latest available version (at least 1.7.1)...