23 matches found
CVE-2019-25731
CVE-2019-25731 – Zuz Music 2.1 : A persistent cross-site scripting (XSS) vulnerability exists in zuzconsole contact form handling. Attackers can inject malicious JavaScript by submitting crafted data via POST to /gmusic/zuzconsole/___contact, with vulnerable fields including the name, subject, an...
PT-2026-46204
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint...
📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection
Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution. import requests import argparse import re import urllib.parse def checksstiurl, fieldname: printf" Testing SSTI on url with field fieldname..." Simple arithmetic test...
CVE-2026-32446
Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through = 1.9.9.3...
EUVD-2020-30887
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...
PT-2026-3002
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium vc contact form request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers t...
CVE-2025-63878
Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page...
EUVD-2006-0937
Malware in sbrugna...
EUVD-2017-11129
Malware in sbrugna...
EUVD-2025-19311
Malicious code in bioql PyPI...
EUVD-2025-12399
Malicious code in bioql PyPI...
CVE-2024-11886
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler ' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-10075
The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...
CVE-2024-13452
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-30522
CVE-2025-30522 is a CSRF-induced Stored XSS in Contact Form 7 Material Design (Damian Orzol) affecting plugin versions from n/a through 1.0.0. Public details indicate a high-severity impact (CVSSv3.1 base score 7.1) with user interaction required. The connected Wordfence entry lists the patch sta...
CVE-2024-22305
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36...
CVE-2024-13450
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for...
CVE-2024-12190
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and...
CVE-2024-12190
CVE-2024-12190 affects the WordPress plugin “Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder.” The vulnerability stems from a missing capability check on the bitform-form-entry-edit endpoint, present in all versions up to and...
CVE-2021-44097
EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database...