31 matches found
EUVD-2021-11082
Malware in sbrugna...
EUVD-2014-7111
Malware in sbrugna...
EUVD-2025-5411
Malicious code in bioql PyPI...
EUVD-2024-29968
Malicious code in bioql PyPI...
CVE-2025-5730
CVE-2025-5730 affects the WordPress Contact Form Plugin prior to 1.1.29. The issue is caused by insufficient sanitization/escaping of certain plugin settings, allowing authenticated high-privilege users (e.g., contributors) to perform a Stored Cross-Site Scripting (XSS) attack. The vulnerability ...
CVE-2024-32147
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23...
CVE-2025-26962
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...
CVE-2025-26962
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...
CVE-2025-26962 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...
CVE-2025-26962
CVE-2025-26962 is an active stored cross-site scripting (XSS) vulnerability in GhozyLab Easy Contact Form Lite (a WordPress plugin). According to the documents, it affects Easy Contact Form Lite versions from n/a up to 1.1.25, with the issue stemming from improper input neutralization during web ...
CVE-2024-32147
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23...
CVE-2024-32147 WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23...
WordPress Contact Form Plugin plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin Easy Contact Form Lite versions = 1.1.23...
WordPress Easy Contact Form Lite Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)
Software Easy Contact Form Lite Type Plugin Vulnerable versions = 1.1.23 Fixed in 1.1.25 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1074c1b0d54 Credits Abdi Pranata Required privile...
CVE-2021-24168
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...
Cross site scripting
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...
CVE-2021-24168 Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...
CVE-2021-24168
CVE-2021-24168 affects the Easy Contact Form Pro WordPress plugin prior to 1.1.1.9. The vulnerability is an authenticated stored XSS caused by insufficient sanitization of text fields (e.g., Email Subject, Email Recipient) during form creation/editing. This could allow medium-privilege accounts (...
WordPress 跨站脚本漏洞
WordPress Easy Contact Form Pro is a WordPress open source application. Create web forms without writing any code and the form is ready to use immediately. A security vulnerability exists in WordPress plugin Easy Contact Form Pro versions prior to 1.1.1.9, which allows medium-privileged accounts ...
WordPress Plugin Easy Contact Form 'Name' Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. WordPress plugin Easy Contact Form 'Name' cross-site scripting vulnerability. An attacker c...