Lucene search
K

61 matches found

Nuclei
Nuclei
added yesterday28 views

Contact Form Entries < 1.2.4 - Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page id: CVE-2021-25079 info: name: Contact Form Entries 1.2.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The...

6.1CVSS6.4AI score0.0682EPSS
Exploits4References4
Patchstack
Patchstack
added 5 days ago5 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload vulnerability

Unauthenticated Arbitrary File Copy/Upload vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Contact Form Entries versions = 1.5.1...

6.5CVSS5.8AI score0.00372EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41273

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the createentryel function in versions up to, and including, 1.5.1. The function reads rawvalue from Elementor Pro's FormRecord object for upload-type fields and passes it...

6.5CVSS6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-54951

Name of the Vulnerable Software and Affected Versions Database for Contact Form 7, WPforms, Elementor forms versions prior to 1.5.2 Description An arbitrary file copy issue exists in the create entry el function. The function retrieves the raw value from the Elementor Pro Form Record object for...

6.5CVSS6AI score0.00372EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-51671

Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/22 9:21 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability

Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...

8.1CVSS5.9AI score0.00662EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/06 7:29 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability

Unauthenticated PHP Object Injection via 'downloadcsv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions = 1.4.7...

9.8CVSS5.8AI score0.00519EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/28 1:37 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability

Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export vulnerability discovered by Teerachai Somprasong in WordPress Plugin Contact Form Entries versions = 1.4.5...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability

Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin Contact Form Entries versions = 1.4.3...

9.8CVSS5.9AI score0.01589EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-37474

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00397EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-42967

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00428EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:56 a.m.8 views

CVE-2023-33311

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in CRM Perks Contact Form Entries plugin = 1.3.0 versions...

6.5CVSS5.6AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:10 p.m.6 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...

7.8CVSS6.7AI score0.00428EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/02/05 5:16 a.m.4 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.7AI score0.01219EPSS
Exploits0References1
NVD
NVD
added 2024/05/02 5:15 p.m.21 views

CVE-2024-3585

The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...

5.3CVSS5AI score0.00691EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/23 2:57 a.m.4 views

WordPress Contact Form Entries plugin <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin Contact Form Entries versions = 1.3.8...

7.2CVSS5.8AI score0.00636EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/23 12:0 a.m.11 views

WordPress Contact Form Entries Plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3715 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05aa510d5273 Credits Tim Coen...

7.2CVSS5.6AI score0.00636EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/03/07 12:0 a.m.9 views

WordPress Contact Form Entries Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Entries Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5485073f02fc Credits Krzysztof Zając...

6.4CVSS5.8AI score0.00593EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/01/31 3:15 a.m.14 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.2AI score0.01219EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 3:15 a.m.2 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'viewpage' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to uploa...

7.2CVSS7.9AI score0.01219EPSS
Exploits0References3
Rows per page
Query Builder