CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

178 matches found

CVE-2026-8172

The CVE-2026-8172 entry concerns the WordPress plugin Simple Basic Contact Form (through 20250114). The issue is a Reflected Cross-Site Scripting vulnerability caused by not escaping user-supplied input before reflecting it in the contact form output on validation errors. Impact described: unauth...

7.1CVSS5.7AI score

Exploits0References1

CNNVD•added 2026/06/04 12:0 a.m.•4 views

wordpress plugin Contact Form 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.1CVSS5.4AI score0.00887EPSS

Exploits0References4

CNNVD•added 2026/04/24 12:0 a.m.•5 views

WordPress plugin Booking Calendar Contact Form 安全漏洞

5.3CVSS5.8AI score0.0033EPSS

Exploits0References1

Cvelist•added 2026/04/15 10:21 a.m.•30 views

CVE-2026-40764 WordPress Contact Form by WPForms plugin <= 1.10.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through = 1.10.0.2...

8.1CVSS0.00101EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:17 p.m.•3 views

CVE-2026-32446

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.9.3...

4.3CVSS5.8AI score0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:15 p.m.•25 views

CVE-2026-32532 WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through = 2.0.1...

7.1CVSS0.00142EPSS

Exploits0References1

Vulnrichment•added 2026/03/25 4:14 p.m.•17 views

CVE-2026-25339 WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms: from n/a through = 1.9.8.7...

5.8AI score0.00234EPSS

Exploits0References1

CNNVD•added 2026/03/25 12:0 a.m.•5 views

WordPress plugin Contact Form by WPForms 安全漏洞

6.5CVSS5.8AI score0.00234EPSS

Exploits0References1

CNNVD•added 2026/03/13 12:0 a.m.•9 views

WordPress plugin CP Contact Form with Paypal SQL注入漏洞

8.5CVSS5.8AI score0.00225EPSS

Exploits0References1

EUVD•added 2026/03/11 9:31 a.m.•5 views

EUVD-2026-11125

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form field submissions. This is due to insufficient input sanitization in the lfbleadsanitize function which omits certain...

7.2CVSS5.9AI score0.00241EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 11:12 a.m.•4 views

CVE-2016-10869

The contact-form-plugin plugin before 4.0.2 for WordPress has XSS...

6.1CVSS6.9AI score0.00923EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:33 a.m.•5 views

CVE-2017-18491

The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01464EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:53 a.m.•8 views

CVE-2013-7481

The contact-form-plugin plugin before 3.3.5 for WordPress has XSS...

6.1CVSS7.1AI score0.00923EPSS

Exploits0References1

Positive Technologies•added 2026/01/07 12:0 a.m.•5 views

PT-2026-1572

Name of the Vulnerable Software and Affected Versions Bit Form – Contact Form Plugin versions prior to 2.21.7 Description The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...

6.5CVSS6.7AI score0.0035EPSS

Exploits0References6

CNNVD•added 2025/12/09 12:0 a.m.•2 views

WordPress plugin Contact Form by BestWebSoft 安全漏洞

...

4.3CVSS5.8AI score0.00255EPSS

Exploits0References1

CNVD•added 2025/11/25 12:0 a.m.•2 views

WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability

WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...

5.3CVSS6.5AI score0.00265EPSS

Exploits0References1

CVE•added 2025/11/22 7:29 a.m.•24 views

CVE-2025-13384

The WordPress plugin CP Contact Form with PayPal (

7.5CVSS5.9AI score0.00324EPSS

Exploits0References5

CNVD•added 2025/10/24 12:0 a.m.•3 views

WordPress CF7 Auto Responder Addon plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress CF7 Auto Responder Addon plugin, which stems from the application's lack of effective filtering and escaping of...

7.1CVSS6AI score0.00221EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-9135

Malware in sbrugna...

6.1CVSS6.3AI score0.00923EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-2021-11702

Malware in sbrugna...

4.3CVSS4.6AI score0.0037EPSS

Exploits2References2