429 matches found
Design/Logic Flaw
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter...
CVE-2017-18613
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter...
WordPress contact-form-plugin plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-plugin is a contact form plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
WordPress booking-calendar-contact-form plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress booking-calendar-contact-form plugin. An attacker...
WordPress booking-calendar-contact-form plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress booking-calendar-contact-form plugin. An attacker can...
CVE-2013-7481
CVE-2013-7481 is a cross-site scripting (XSS) vulnerability in the WordPress plugin contact-form-plugin, affecting versions before 3.3.5. The issue resides in the plugin’s contact_form.php, enabling an attacker to inject script. Remediation: upgrade to version 3.3.5 or later. Other connected sour...
CVE-2013-7481
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS...
CVE-2017-18491
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues...
CVE-2016-10869
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS...
CVE-2013-7475
The contact-form-plugin plugin before 3.52 for WordPress has XSS...
CVE-2015-9295
The contact-form-plugin plugin before 3.96 for WordPress has XSS...
Cross site scripting
The contact-form-plugin plugin before 3.96 for WordPress has XSS...
Cross site scripting
The contact-form-plugin plugin before 3.52 for WordPress has XSS...
Cross site scripting
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues...
CVE-2017-18491
The CVE-2017-18491 entry corresponds to the WordPress plugin “Contact Form by BestWebSoft” up to version 4.0.6, which has multiple XSS flaws. The Nuclei template and related sources confirm the vulnerability affects this plugin and describe the impact: authenticated attackers can inject and execu...
CVE-2017-18491
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues...
CVE-2015-9295
The WordPress plugin contact-form-plugin is affected by an XSS vulnerability in versions before 3.96. The issue is described across multiple sources (including Red Hat and CVE records) as a client-side script execution vulnerability in the plugin, with no public exploit details provided in the do...
CVE-2015-9295
The contact-form-plugin plugin before 3.96 for WordPress has XSS...
CVE-2013-7475
CVE-2013-7475 : The WordPress plugin contact-form-plugin is vulnerable to cross-site scripting in all versions before 3.52. The vulnerability is due to an XSS flaw in the plugin and affects the WordPress integration; exploitation details or in-the-wild status are not provided in the documents. No...
CVE-2018-14430
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...