Lucene search
K

23 matches found

CVE
CVE
added 2026/06/04 1:22 p.m.18 views

CVE-2019-25731

CVE-2019-25731 – Zuz Music 2.1 : A persistent cross-site scripting (XSS) vulnerability exists in zuzconsole contact form handling. Attackers can inject malicious JavaScript by submitting crafted data via POST to /gmusic/zuzconsole/___contact, with vulnerable fields including the name, subject, an...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46204

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...

5.1CVSS5.8AI score0.00887EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.110 views

📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection

Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution. import requests import argparse import re import urllib.parse def checksstiurl, fieldname: printf" Testing SSTI on url with field fieldname..." Simple arithmetic test...

9.8CVSS6.1AI score0.41475EPSS
Exploits8
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.2 views

CVE-2026-32446

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.9.3...

5.8AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/28 5:35 p.m.6 views

EUVD-2020-30887

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

9.8CVSS6.1AI score0.10683EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.15 views

PT-2026-3002

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium vc contact form request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers t...

5.3CVSS5.6AI score0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/19 12:0 a.m.3 views

CVE-2025-63878

Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page...

8AI score0.00215EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-0937

Malware in sbrugna...

4.3CVSS6.4AI score0.01299EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-11129

Malware in sbrugna...

5.4CVSS5.6AI score0.00497EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19311

Malicious code in bioql PyPI...

8.2CVSS6.4AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-12399

Malicious code in bioql PyPI...

4.9CVSS6.3AI score0.00239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.5 views

CVE-2024-11886

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler ' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.8AI score0.00301EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 8:6 p.m.84 views

CVE-2024-10075

The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...

5.6CVSS7AI score0.00334EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/18 2:20 a.m.9 views

CVE-2024-13452

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6.7AI score0.0028EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 1:46 p.m.52 views

CVE-2025-30522

CVE-2025-30522 is a CSRF-induced Stored XSS in Contact Form 7 Material Design (Damian Orzol) affecting plugin versions from n/a through 1.0.0. Public details indicate a high-severity impact (CVSSv3.1 base score 7.1) with user interaction required. The connected Wordfence entry lists the patch sta...

7.1CVSS7.2AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:41 p.m.9 views

CVE-2024-22305

Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36...

8.1CVSS8.2AI score0.00453EPSS
Exploits0References1
NVD
NVD
added 2025/01/25 9:15 a.m.11 views

CVE-2024-13450

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for...

6.5CVSS0.00389EPSS
Exploits0References7
NVD
NVD
added 2024/12/25 4:15 a.m.10 views

CVE-2024-12190

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...

4.3CVSS0.00434EPSS
Exploits0References3
CVE
CVE
added 2024/12/25 3:21 a.m.50 views

CVE-2024-12190

CVE-2024-12190 affects the WordPress plugin “Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder.” The vulnerability stems from a missing capability check on the bitform-form-entry-edit endpoint, present in all versions up to and...

4.3CVSS4.3AI score0.00434EPSS
Exploits0References3
OSV
OSV
added 2022/06/02 2:15 p.m.6 views

CVE-2021-44097

EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database...

9.8CVSS7.4AI score0.01378EPSS
Exploits1References2
Rows per page
Query Builder