Lucene search
K

67 matches found

NVD
NVD
added 2026/07/01 7:16 a.m.8 views

CVE-2026-11562

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.42 views

CVE-2026-11562 WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-56809

Malicious code in bioql PyPI...

7.6CVSS7.6AI score0.00478EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-5411

Malicious code in bioql PyPI...

6.5CVSS9.2AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-29968

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-57739

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00493EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42356

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00304EPSS
Exploits0References1
CVE
CVE
added 2025/06/30 6:0 a.m.25 views

CVE-2025-5730

CVE-2025-5730 affects the WordPress Contact Form Plugin prior to 1.1.29. The issue is caused by insufficient sanitization/escaping of certain plugin settings, allowing authenticated high-privilege users (e.g., contributors) to perform a Stored Cross-Site Scripting (XSS) attack. The vulnerability ...

4.3CVSS5.5AI score0.00206EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.17 views

CVE-2024-32147

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23...

6.5CVSS5.2AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.7 views

CVE-2024-10647

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated...

6.1CVSS6.3AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/27 12:5 p.m.27 views

CVE-2025-3912

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...

5.3CVSS6.9AI score0.0034EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/25 9:1 p.m.9 views

WordPress WS Form LITE plugin <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Amin Beheshti in WordPress Plugin WS Form LITE versions = 1.10.35...

5.3CVSS8.2AI score0.0034EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/04/25 12:15 p.m.14 views

CVE-2025-3912

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...

5.3CVSS0.0034EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/25 11:12 a.m.7 views

CVE-2025-3912 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...

5.3CVSS5.1AI score0.0034EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/04/25 11:12 a.m.20 views

CVE-2025-3912 WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getconfig' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to...

5.3CVSS0.0034EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.8 views

PT-2025-17901 · WordPress · Ws Form Lite

Name of the Vulnerable Software and Affected Versions: WS Form LITE – Drag & Drop Contact Form Builder for WordPress versions prior to 1.10.36 Description: The issue allows unauthorized access to data due to a missing capability check on the get config function. This makes it possible for...

5.3CVSS6.1AI score0.0034EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/02/27 2:32 p.m.3 views

CVE-2025-26962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...

6.5CVSS7.2AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/02/25 3:15 p.m.7 views

CVE-2025-26962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...

6.5CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2025/02/25 2:17 p.m.60 views

CVE-2025-26962

CVE-2025-26962 is an active stored cross-site scripting (XSS) vulnerability in GhozyLab Easy Contact Form Lite (a WordPress plugin). According to the documents, it affects Easy Contact Form Lite versions from n/a up to 1.1.25, with the issue stemming from improper input neutralization during web ...

6.5CVSS7.2AI score0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/25 2:17 p.m.7 views

CVE-2025-26962 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...

6.5CVSS7.2AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder