Lucene search
K

143 matches found

Nuclei
Nuclei
added 12 hours ago49 views

Contact Form Entries < 1.2.4 - Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page id: CVE-2021-25079 info: name: Contact Form Entries 1.2.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The...

6.1CVSS6.4AI score0.0682EPSS
Exploits4References4
Nuclei
Nuclei
added 12 hours ago20 views

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. id: CVE-2017-20194 info...

5.3CVSS6.1AI score0.01098EPSS
Exploits1References3
NVD
NVD
added yesterday3 views

CVE-2026-57708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57708

Affected product/versions: WordPress WordPress plugin “Contact Form Entries” (contact-form-entries)

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-57708 WordPress Contact Form Entries plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-9017

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00273EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43163

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
Patchstack
Patchstack
added 4 days ago5 views

WordPress Contact Form Entries plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.2...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 11:5 a.m.6 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability

Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions = 1.5.1...

6.5CVSS5.8AI score0.00372EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/02 9:32 a.m.8 views

EUVD-2026-41273

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-54951

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...

6.5CVSS6AI score0.00372EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 6:0 a.m.13 views

CVE-2026-11581

The CVE-2026-11581 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder for WordPress, vulnerable before version 2.4.13. The form captions (columns on the form-entries admin screen) are not sanitized, allowing stored XSS where a user with Contributor-level access (or higher) can i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51671

Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/22 9:21 a.m.9 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability

Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...

8.1CVSS5.9AI score0.00662EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:33 p.m.2 views

EUVD-2026-20529

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.6 views

CVE-2026-2707

The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is due to inconsistent input sanitization between the frontend AJAX handler and the REST API endpoint. When entries are...

6.4CVSS6AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.3 views

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12200

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

WordPress plugin NEX-Forms – Ultimate Forms Plugin for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References2
Rows per page
Query Builder