36 matches found
WordPress HT Contact Form plugin <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability
Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin HT Contact Form 7 versions <= 2.8.2...
CVE-2026-7052
The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...
CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin HT Contact Form cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-42728
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS. This issue affects HT Contact Form 7: from n/a through <= 2.8.2...
CVE-2026-42728
HT Contact Form 7 WordPress plugin (ht-contactform) <= 2.8.2 is affected by CVE-2026-42728: Improper neutralization of input during web page generation, enabling Stored XSS. Root cause: input not properly sanitized before page generation. CVSSv3.1 base score 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I...
CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS. This issue affects HT Contact Form 7: from n/a through <= 2.8.2...
EUVD-2026-32186
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS. This issue affects HT Contact Form 7: from n/a through <= 2.8.2...
WordPress plugin HT Contact Form cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2025-21677
Malicious code in bioql PyPI...
EUVD-2025-21415
Malicious code in bioql PyPI...
EUVD-2025-21412
Malicious code in bioql PyPI...
EUVD-2025-3918
Malicious code in bioql PyPI...
EUVD-2025-21413
Malicious code in bioql PyPI...
10,000 WordPress Sites Affected by Critical Vulnerabilities in HT Contact Form WordPress Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...
CVE-2025-54015
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows PHP Local File Inclusion. This issue affects HT Contact Form 7: from n/a through <= 2.0.0...
CVE-2025-7341
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the tempfiledelete function in all versions up to, and including, 2.2.1. This makes it possible for...
WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin HT Contact Form 7 versions <= 2.0.0...
CVE-2025-54015
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows PHP Local File Inclusion. This issue affects HT Contact Form 7: from n/a through <= 2.0.0...
CVE-2025-54015
CVE-2025-54015 is a Local File Inclusion vulnerability in the WordPress plugin family HT Contact Form 7 (HT Plugins). The documented root cause is improper control of the filename used by PHP include/require, enabling PHP Local File Inclusion. Affected software: HT Contact Form 7 versions from n/...