Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/21 6:33 a.m.19 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 6:16 a.m.6 views

CVE-2026-1045

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 5:30 a.m.3 views

CVE-2026-1045 Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS5.7AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/20 5:30 a.m.24 views

CVE-2026-1045 Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters

The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...

4.4CVSS0.00189EPSS
Exploits0References3
CVE
CVE
added 2026/01/20 5:30 a.m.20 views

CVE-2026-1045

CVE-2026-1045 : The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.3.2. The issue arises from insufficient input sanitization and output escaping, allowing an authenticated attacker with administrator-level permissions (an...

4.4CVSS5.7AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.5 views

WordPress plugin Viet Contact: Cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.00189EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/19 10:13 p.m.7 views

WordPress Viet contact plugin <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability discovered by 0x34rth in WordPress Plugin Viet contact versions = 1.3.2...

4.4CVSS5.4AI score0.00189EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder