Lucene search
K

439 matches found

NVD
NVD
added 2019/08/13 5:15 p.m.20 views

CVE-2013-7475

The contact-form-plugin plugin before 3.52 for WordPress has XSS...

6.1CVSS6.4AI score0.00923EPSS
Exploits0References1
Prion
Prion
added 2019/08/13 5:15 p.m.12 views

Cross site scripting

The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues...

4.3CVSS6AI score0.01458EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/08/13 5:15 p.m.11 views

Cross site scripting

The contact-form-plugin plugin before 3.96 for WordPress has XSS...

4.3CVSS7.2AI score0.00923EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/13 5:15 p.m.17 views

Cross site scripting

The contact-form-plugin plugin before 3.52 for WordPress has XSS...

4.3CVSS7.2AI score0.00923EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/13 4:49 p.m.71 views

CVE-2017-18491

The CVE-2017-18491 entry corresponds to the WordPress plugin “Contact Form by BestWebSoft” up to version 4.0.6, which has multiple XSS flaws. The Nuclei template and related sources confirm the vulnerability affects this plugin and describe the impact: authenticated attackers can inject and execu...

6.1CVSS6AI score0.01464EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/08/13 4:49 p.m.17 views

CVE-2017-18491

The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues...

6.1AI score0.01464EPSS
Exploits1References1
CVE
CVE
added 2019/08/13 4:48 p.m.57 views

CVE-2015-9295

The WordPress plugin contact-form-plugin is affected by an XSS vulnerability in versions before 3.96. The issue is described across multiple sources (including Red Hat and CVE records) as a client-side script execution vulnerability in the plugin, with no public exploit details provided in the do...

6.1CVSS6.4AI score0.00923EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/13 4:48 p.m.17 views

CVE-2015-9295

The contact-form-plugin plugin before 3.96 for WordPress has XSS...

6.4AI score0.00923EPSS
Exploits0References1
CVE
CVE
added 2019/08/13 4:47 p.m.47 views

CVE-2013-7475

CVE-2013-7475 : The WordPress plugin contact-form-plugin is vulnerable to cross-site scripting in all versions before 3.52. The vulnerability is due to an XSS flaw in the plugin and affects the WordPress integration; exploitation details or in-the-wild status are not provided in the documents. No...

6.1CVSS6.4AI score0.00923EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/07/25 11:29 p.m.8 views

CVE-2018-14430

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...

6.1CVSS5.8AI score0.01255EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2017/03/01 12:0 a.m.35 views

WordPress Trust Form 2.0 Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Trust Form WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...

Exploits0
CNVD
CNVD
added 2016/10/13 12:0 a.m.9 views

Wordpress tidio-form plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL servers to set up a personal blog site. tidio-form is one of the online live chat form plug-ins. A cross-site scripting vulnerability exists in versi...

6.1CVSS5.9AI score0.04173EPSS
Exploits2References1
CNVD
CNVD
added 2016/04/20 12:0 a.m.3 views

WordPress Booking Calendar Contact Form Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Booking Calendar Contact Form plugin suffers from a SQL injection vulnerability by adding specially crafted shortco...

8AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2016/01/25 12:0 a.m.3 views

WordPress Calculated Fields Form Plugin SQL Injection

An SQL injection vulnerability exists in the WordPress Calculated Fields Form Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

4.2AI score
Exploits0
OpenVAS
OpenVAS
added 2015/04/22 12:0 a.m.14 views

WordPress N-Media Website Contact Form Plugin File Upload Vulnerability

WordPress N-Media Website Contact Form Plugin is prone to arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.4AI score
Exploits0References4
NVD
NVD
added 2014/07/01 2:55 p.m.17 views

CVE-2014-4518

Cross-site scripting XSS vulnerability in xdresize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter...

4.3CVSS5.8AI score0.01629EPSS
Exploits1References1
exploitpack
exploitpack
added 2011/10/14 12:0 a.m.12 views

WordPress Plugin Contact Form 2.7.5 - SQL Injection

WordPress Plugin Contact Form 2.7.5 - SQL Injection Exploit Title: WordPress Contact Form plugin 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 e.g. curl --data "wpcfeasyformsubmitted=1&wpcfeasyformtest1=testing&wpcfeasyformformid=1 AND...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2008/08/08 12:0 a.m.28 views

Vulnerabilities in Contact Form ][ for WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Insufficient Anti-automation, Abuse of Functionality и Cross-Site Scripting уязвимостях в плагине Contact Form для WordPress. Insufficient Anti-automation: Отсутствие капчи позволяет слать автоматические сообщения в частности спам админам сайта...

0.1AI score
Exploits0
Patchstack
Patchstack
added 2008/02/04 12:0 a.m.17 views

WordPress Contact Form Plugin <= 7.3 - Remote File Inclusion

Because of this vulnerability in cforms-css.php, the attackers can execute arbitrary PHP code via a URL in the "tm" parameter. Solution Update the plugin...

6.8CVSS6.5AI score0.01956EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder