31720 matches found
CVE-2026-57708
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...
CVE-2026-57423
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.3.8...
CVE-2026-57411
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57423 WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.3.8...
CVE-2026-57708 WordPress Contact Form Entries plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...
CVE-2026-57411 WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57423
CVE-2026-57423 affects the WordPress plugin Message Filter for Contact Form 7 (cf7-message-filter), specifically versions up to 1.6.3.8. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Impact is reflected XSS...
CVE-2026-57708
Affected product/versions: WordPress WordPress plugin “Contact Form Entries” (contact-form-entries)
CVE-2026-57411
The CVE-2026-57411 entry concerns the WordPress plugin cf7-views (Aman CF7 Views – Complete Entry Management for Contact Form 7) with a DOM-based XSS vulnerability due to improper neutralization during web page generation. Affected versions are up to 3.2.2. CVSS v3.1 base score is 7.1 (HIGH); att...
TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal
TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII including partner and contact names. id: CVE-2025-27225 info: name: TRUfusion Enterprise = 7.10.4.0 - Admin Conta...
WordPress Contact Form by Supsystic - Server-Side Template Injection
Contact Form by Supsystic WordPress plugin = 1.7.36 contains a server-side template injection caused by unsandboxed TwigLoaderString and cfsPreFill functionality, letting unauthenticated attackers execute arbitrary code remotely via GET parameters. id: CVE-2026-4257 info: name: WordPress Contact...
Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...
Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. id: CVE-2017-18492 info: name: Contact Form to DB by BestWebSoft 1.5.7 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-to-db plugin before 1.5.7 for WordPress has multip...
Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's...
Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. id: CVE-2017-18491 info: name: Contact Form by BestWebSoft 4.0.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-plugin plugin before 4.0.6 for WordPress has multiple X...
Contact Form Generator <= 2.5.5 - Cross-Site Scripting
The Contact Form Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in wp-admin/admin.php in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution
Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...
Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting. id: CVE-2022-0250 info: name: Redirection for Contact Form 7 2.5.0 - Cross-Site Scripting author: ritikchaddha...
WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute. id: CVE-2022-2187 info: name: WordPress Contact Form 7 Captcha 0.1.2 - Cross-Site Scripting...
Contact Form Entries < 1.2.4 - Cross-Site Scripting
The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page id: CVE-2021-25079 info: name: Contact Form Entries 1.2.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The...