CVE-2013-10022

A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrmdisplayform/cntctfrmcheckform of the file contactform.php. The manipulation leads to cross site scripting. The attack may be...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrmdisplayform/cntctfrmcheckform of the file contactform.php. The manipulation leads to cross site scripting. The attack may be...

CVE-2013-10022

CVE-2013-10022 details (mode C): A cross-site scripting vulnerability exists in the BestWebSoft Contact Form Plugin for WordPress, specifically in the functions cntctfrm_display_form/cntctfrm_check_form within contact_form.php. The issue affects version 3.51 and can be triggered remotely. A fix i...

PT-2023-10011 · Bestwebsoft · Bestwebsoft Contact Form Plugin

Name of the Vulnerable Software and Affected Versions: BestWebSoft Contact Form Plugin version 3.51 Description: A vulnerability has been found in the BestWebSoft Contact Form Plugin, affecting the function cntctfrm display form/cntctfrm check form of the file contact form.php. This issue leads t...

CVE-2022-47173

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin = 1.62.0 versions...

WordPress Easy Testimonial Slider and Form Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS)

Software Easy Testimonial Slider and Form Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46799 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 929579106c87 Credit...

CVE-2022-3463

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...

Design/Logic Flaw

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...

WordPress plugin Contact Form Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

PT-2022-22254 · WordPress · Contact-Form-Plugin

Name of the Vulnerable Software and Affected Versions: Contact Form Plugin WordPress plugin versions prior to 4.3.13 Description: The issue is related to the Contact Form Plugin WordPress plugin, where it does not validate and escape fields when exporting form entries as CSV. This leads to a CSV...

CVE-2022-38972

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...

CVE-2022-38972

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...

Six Apart Movable Type 跨站脚本漏洞

Six Apart Movable Type MT is a blogging system from Six Apart USA. The system includes features such as multiple users, comments, quotes, and topics. A security vulnerability exists in the Six Apart Movable Type plugin A-Form, which originates from the fact that it allows remote, unauthenticated...

WordPress plugin Ninja Forms Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2022-1326

The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2022-1326

The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Saturday Drive's Ninja Forms Contact Form plugin = 3.6.9 at WordPress via "label"...

CVE-2017-20055

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

CVE-2017-20055

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...

Cross site scripting

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting Stored. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...