
65 matches found

Nuclei
added yesterday · 14 views

Contact Form Generator <= 2.5.5 - Cross-Site Scripting

The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.1 · AI score 7 · EPSS 0.21793
Exploits 3 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2015-6897

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.0046
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-1752

Malware in sbrugna...

CVSS 8 · AI score 7.1 · EPSS 0.00485
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-30535

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.5 · EPSS 0.0003
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-39902

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00147
Exploits 0 · References 2

RedhatCVE
added 2025/09/24 6:32 p.m. · 2 views

CVE-2025-58665

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS. This issue affects Form Generator for WordPress: from n/a through <= 1.52...

CVSS 5.9 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 1

NVD
added 2025/09/22 7:16 p.m. · 1 view

CVE-2025-58665

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS. This issue affects Form Generator for WordPress: from n/a through <= 1.52...

CVSS 5.9 · EPSS 0.0003
Exploits 0 · References 1

Patchstack
added 2025/09/22 6:39 p.m. · 3 views

WordPress Form Generator for WordPress Plugin <= 1.52 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by 0xVenus in WordPress Plugin Form Generator for WordPress versions <= 1.52...

CVSS 5.9 · AI score 6 · EPSS 0.0003
Exploits 0 · Affected Software 1

CVE
added 2025/09/22 6:22 p.m. · 8 views

CVE-2025-58665

CVE-2025-58665 affects the WordPress plugin Form Generator for WordPress. The vulnerability is a Stored XSS in the plugin’s input handling during web page generation, exploitable via inputs stored by the plugin. Affected versions are listed as up to 1.52 (through 1.5.2). The Wordfence vulnerabili...

CVSS 5.9 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 1

Cvelist
added 2025/09/22 6:22 p.m. · 7 views

CVE-2025-58665 WordPress Form Generator for WordPress Plugin <= 1.52 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS. This issue affects Form Generator for WordPress: from n/a through <= 1.52...

CVSS 5.9 · EPSS 0.0003
Exploits 0 · References 1

Vulnrichment
added 2025/09/22 6:22 p.m. · 1 view

CVE-2025-58665 WordPress Form Generator for WordPress Plugin <= 1.52 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS. This issue affects Form Generator for WordPress: from n/a through <= 1.52...

CVSS 5.9 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 1

CNNVD
added 2025/09/22 12:0 a.m. · 1 view

WordPress plugin Form Generator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 2

Positive Technologies
added 2025/09/22 12:0 a.m. · 2 views

PT-2025-38954

Name of the Vulnerable Software and Affected Versions: tmontg1 Form Generator for WordPress versions through 1.5.2. Description: The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Cross-site Scripting (XSS). This specific instance...

CVSS 5.9 · AI score 5.9 · EPSS 0.0003
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 4:49 a.m. · 10 views

CVE-2023-37988

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions...

CVSS 7.1 · AI score 5.9 · EPSS 0.21793
Exploits 3

RedhatCVE
added 2025/05/23 4:36 a.m. · 4 views

CVE-2023-35911

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection. This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a throug...

CVSS 9.8 · AI score 8.9 · EPSS 0.00147
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:1 a.m. · 6 views

CVE-2015-6965

Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a...

CVSS 6.8 · AI score 6.9 · EPSS 0.0046
Exploits 1 · References 1

RedhatCVE
added 2025/02/06 4:47 a.m. · 5 views

CVE-2021-37627

Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users...

CVSS 8 · AI score 6.8 · EPSS 0.00485
Exploits 0 · References 1

Github Security Blog
added 2024/04/09 6:52 p.m. · 14 views

Contao: Unencoded insert tags in the frontend

Impact: It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. Patches: Update to Contao 4.13.40 or 5.3.4. Workarounds: Do not output the submitted form data on the website. References...

CVSS 5.4 · AI score 6.8 · EPSS 0.00988
Exploits 0 · References 6 · Affected Software 1

OSV
added 2024/04/09 6:52 p.m. · 23 views

GHSA-747V-52C4-8VJ8 Contao: Unencoded insert tags in the frontend

Impact: It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. Patches: Update to Contao 4.13.40 or 5.3.4. Workarounds: Do not output the submitted form data on the website. References...

CVSS 3.1 · AI score 4.4 · EPSS 0.00988
Exploits 0 · References 6

Positive Technologies
added 2024/04/09 12:0 a.m. · 4 views

PT-2024-22325 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions 4.0.0 through 4.13.39; Contao versions 5.0.0 through 5.3.3. Description: The issue allows injecting tags in frontend forms if the output is structured in a very specific way. It is possible to inject insert tags via the form...

CVSS 5.4 · AI score 7 · EPSS 0.00988
Exploits 0 · References 12