23 matches found
CVE-2025-14028
The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
CVE-2025-14028
The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
WordPress plugin Contact Us Simple Form Cross-Site Scripting Vulnerability
...
PT-2026-1614
Name of the Vulnerable Software and Affected Versions: Contact Us Simple Form plugin for WordPress versions prior to 1.1. Description: The Contact Us Simple Form plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. This is due to inadequate input sanitization an...
WordPress Contact Us Simple Form plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Bhumividh Treloges in WordPress Plugin Contact Us Simple Form versions <= 1.0...
GHSA-GG35-374M-9PH8 Drupal Simple multi step form allows Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from 0.0.0 before 2.0.0...
CVE-2025-12761
The CVE-2025-12761 issue affects Drupal’s Simple multi step form module (pre-2.0.0). The root cause is improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). Practical impact is that attacker-supplied content could be rendered as code in pages viewed b...
EUVD-2019-0676
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-16676
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method...
Plataformatec Simple Form Input Validation Error Vulnerability
Plataformatec Simple Form is a form builder from Plataformatec Brazil. An input validation error vulnerability exists in Plataformatec Simple Form. The vulnerability originates from a network system or product that does not properly validate input data. Detailed vulnerability details are not...
GHSA-R74Q-GXCG-73HX Improper Input Validation in simple_form
Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb; a user-supplied string is invoked as a method call. Impact: For pages that build a form using user input, it is possible for an attacker to manipulate the input and send any method present in the form object. For example: erb...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
UBUNTU-CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
Design/Logic Flaw
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-16676
CVE-2019-16676 affects Plataformatec Simple Form. The vulnerability arises in file_method? within lib/simple_form/form_builder.rb where a user-supplied string is invoked as a method call, enabling potential abuse of form inputs. Public references (Red Hat, NVD, OSV, GHSA) describe an Incorrect Ac...
simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Simple Form before 5.0 has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. This only happens for pages that build forms based on user input...
Simple Form Mail Relaying Vulnerability
The target is running at least one instance of Simple Form which fails to validate the parameters SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...