439 matches found
CVE-2013-7475
The contact-form-plugin plugin before 3.52 for WordPress has XSS...
Cross site scripting
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues...
Cross site scripting
The contact-form-plugin plugin before 3.96 for WordPress has XSS...
Cross site scripting
The contact-form-plugin plugin before 3.52 for WordPress has XSS...
CVE-2017-18491
The CVE-2017-18491 entry corresponds to the WordPress plugin “Contact Form by BestWebSoft” up to version 4.0.6, which has multiple XSS flaws. The Nuclei template and related sources confirm the vulnerability affects this plugin and describe the impact: authenticated attackers can inject and execu...
CVE-2017-18491
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues...
CVE-2015-9295
The WordPress plugin contact-form-plugin is affected by an XSS vulnerability in versions before 3.96. The issue is described across multiple sources (including Red Hat and CVE records) as a client-side script execution vulnerability in the plugin, with no public exploit details provided in the do...
CVE-2015-9295
The contact-form-plugin plugin before 3.96 for WordPress has XSS...
CVE-2013-7475
CVE-2013-7475 : The WordPress plugin contact-form-plugin is vulnerable to cross-site scripting in all versions before 3.52. The vulnerability is due to an XSS flaw in the plugin and affects the WordPress integration; exploitation details or in-the-wild status are not provided in the documents. No...
CVE-2018-14430
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...
WordPress Trust Form 2.0 Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Trust Form WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...
Wordpress tidio-form plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL servers to set up a personal blog site. tidio-form is one of the online live chat form plug-ins. A cross-site scripting vulnerability exists in versi...
WordPress Booking Calendar Contact Form Plugin SQL Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Booking Calendar Contact Form plugin suffers from a SQL injection vulnerability by adding specially crafted shortco...
WordPress Calculated Fields Form Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress Calculated Fields Form Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...
WordPress N-Media Website Contact Form Plugin File Upload Vulnerability
WordPress N-Media Website Contact Form Plugin is prone to arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2014-4518
Cross-site scripting XSS vulnerability in xdresize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter...
WordPress Plugin Contact Form 2.7.5 - SQL Injection
WordPress Plugin Contact Form 2.7.5 - SQL Injection Exploit Title: WordPress Contact Form plugin 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 e.g. curl --data "wpcfeasyformsubmitted=1&wpcfeasyformtest1=testing&wpcfeasyformformid=1 AND...
Vulnerabilities in Contact Form ][ for WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Insufficient Anti-automation, Abuse of Functionality и Cross-Site Scripting уязвимостях в плагине Contact Form для WordPress. Insufficient Anti-automation: Отсутствие капчи позволяет слать автоматические сообщения в частности спам админам сайта...
WordPress Contact Form Plugin <= 7.3 - Remote File Inclusion
Because of this vulnerability in cforms-css.php, the attackers can execute arbitrary PHP code via a URL in the "tm" parameter. Solution Update the plugin...