Lucene search
+L

31735 matches found

Cvelist
Cvelist
added 2026/06/20 1:27 a.m.34 views

CVE-2026-9843 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS0.00662EPSS
Exploits0References7
OSV
OSV
added 2026/06/19 5:45 p.m.11 views

GHSA-9WXG-VF3R-56HC OpenZeppelin Contracts Wizard: Line terminators in info.securityContact / info.license can inject lines into generated source

Summary The Contracts Wizard generators printed info.securityContact and info.license verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline \n or \r\n in either field ends the comment, so the text aft...

3.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/06/18 8:16 a.m.12 views

CVE-2026-11395

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.00231EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/18 6:50 a.m.13 views

EUVD-2026-37863

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS5.4AI score0.00231EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/18 6:50 a.m.30 views

CVE-2026-11395 CF7 to Webhook <= 5.0.0 - Unauthenticated Server-Side Request Forgery via CF7 Field Placeholder in Webhook URL Host

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pullthetrigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

7.2CVSS0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 6:50 a.m.33 views

CVE-2026-11395

CVE-2026-11395 : The CF7 to Webhook plugin for WordPress is vulnerable to unauthenticated Server-Side Request Forgery through the pull_the_trigger path, affecting all versions up to and including 5.0.0. Exploitation requires the admin-configured webhook URL to contain a Contact Form 7 field place...

7.2CVSS5.5AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-2604

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...

5.6CVSS0.00189EPSS
Exploits0References5
CVE
CVE
added 2026/06/16 4:30 a.m.13 views

CVE-2026-9187

The Abandoned Contact Form 7 plugin for WordPress (

5.3CVSS5.5AI score0.00228EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 4:30 a.m.34 views

CVE-2026-9187 Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing nonce validation in the actionremoveabandoned function, which is registered to both the...

5.3CVSS0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49620

Name of the Vulnerable Software and Affected Versions Abandoned Contact Form 7 versions prior to 2.3 Description The plugin allows unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on a site. This occurs because the action remove abandoned function, register...

5.3CVSS6AI score0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/15 9:30 p.m.13 views

EUVD-2026-36978

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS5.3AI score0.00442EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36928

Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36909

Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:17 p.m.16 views

CVE-2026-49763

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.17 views

CVE-2026-49105

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

9.8CVSS0.00476EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49106

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...

9.8CVSS0.00383EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.16 views

CVE-2026-49104

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

9.8CVSS0.00476EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 9:17 p.m.14 views

CVE-2026-49055

Unauthenticated Cross Site Scripting XSS in Drag and Drop Multiple File Upload – Contact Form 7 = 1.3.9.7 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:17 p.m.7 views

CVE-2026-48835

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...

7.5CVSS0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-40769

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

8.6CVSS0.00442EPSS
Exploits0References1
Rows per page
Query Builder