Lucene search
+L

758 matches found

Nuclei
Nuclei
added 11 hours ago56 views

Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution

Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...

8.1CVSS5.8AI score0.04175EPSS
Exploits3References2
NVD
NVD
added 5 days ago3 views

CVE-2026-57423

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.3.8...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-57411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-57411

The CVE-2026-57411 entry concerns the WordPress plugin cf7-views (Aman CF7 Views – Complete Entry Management for Contact Form 7) with a DOM-based XSS vulnerability due to improper neutralization during web page generation. Affected versions are up to 3.2.2. CVSS v3.1 base score is 7.1 (HIGH); att...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-57423

CVE-2026-57423 affects the WordPress plugin Message Filter for Contact Form 7 (cf7-message-filter), specifically versions up to 1.6.3.8. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Impact is reflected XSS...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-57411 WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-57423 WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.3.8...

7.1CVSS0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57722

Name of the Vulnerable Software and Affected Versions Aman CF7 Views versions prior to 3.2.3 Description A DOM-Based Cross-site Scripting XSS issue exists due to improper neutralization of input during web page generation. This allows stored scripts to execute within the user's browser...

7.1CVSS6.2AI score0.0018EPSS
Exploits0References5
NVD
NVD
added 2026/07/11 6:16 a.m.6 views

CVE-2026-13378

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/11 4:32 a.m.33 views

CVE-2026-13378 Form Vibes <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via Contact Form 7 Form Field

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/07/11 4:32 a.m.17 views

CVE-2026-13378

CVE-2026-13378 affects the Form Vibes – Database Manager for Forms plugin for WordPress. It enables unauthenticated Stored Cross-Site Scripting via a Contact Form 7 Form Field in all versions up to 1.5.2 due to insufficient input sanitization and output escaping. This allows injected scripts to e...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 6:52 a.m.12 views

CVE-2026-15000

The CVE-2026-15000 entry concerns the Connect Contact Form 7 and Mailchimp plugin for WordPress, showing a Stored Cross-Site Scripting vulnerability via Mailchimp Merge Field Values in all versions up to 0.9.78.06. The issue arises from insufficient input sanitization and output escaping, enablin...

7.2CVSS6.2AI score0.0034EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/09 6:52 a.m.7 views

EUVD-2026-42523

The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6.2AI score0.0034EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/07/08 2:0 p.m.5 views

WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3.8...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 12:51 p.m.5 views

WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin CF7 Views Complete Entry Management for Contact Form 7 versions = 3.2.2...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57669

Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...

6.5CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.28 views

CVE-2026-57669

The affected software is the WordPress plugin Advanced Contact form 7 DB (versions

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/30 12:36 p.m.7 views

WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...

6.5CVSS5.8AI score0.0034EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38663

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS6AI score0.00295EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/23 4:41 p.m.8 views

WordPress Advanced Contact Form 7 – Compact DB plugin <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Advanced Contact Form 7 – Compact DB versions = 1.0.0...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder