61 matches found
Contact Form Entries < 1.2.4 - Cross-Site Scripting
The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page id: CVE-2021-25079 info: name: Contact Form Entries 1.2.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability
Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions = 1.5.1...
EUVD-2026-41273
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...
PT-2026-54951
Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...
PT-2026-51671
Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability
Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability
Unauthenticated PHP Object Injection via 'downloadcsv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions = 1.4.7...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability
Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability discovered by Teerachai Somprasong in WordPress Plugin Contact Form Entries versions = 1.4.5...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability
Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin Contact Form Entries versions = 1.4.3...
EUVD-2023-37474
Malicious code in bioql PyPI...
EUVD-2022-42967
Malicious code in bioql PyPI...
CVE-2023-33311
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...
CVE-2022-3604
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2024-3585
The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...
WordPress Contact Form Entries plugin <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin Contact Form Entries versions = 1.3.8...
WordPress Contact Form Entries Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05aa510d5273 Credits Tim Coen...
WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...
CVE-2024-1069
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...