Lucene search
+L

5 matches found

patchstack
patchstack
added 2025/07/09 9:28 p.m.8 views

WordPress Easy Contact Form Lite plugin <= 1.1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin Easy Contact Form Lite versions = 1.1.28...

4.3CVSS5.5AI score0.00206EPSS
Exploits1References1Affected Software1
redhatcve
redhatcve
added 2025/07/02 6:23 a.m.15 views

CVE-2025-5730

The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

4.3CVSS5.5AI score0.00206EPSS
Exploits1References1
nvd
nvd
added 2025/06/30 6:15 a.m.9 views

CVE-2025-5730

The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

4.3CVSS0.00206EPSS
Exploits1References1
cve
cve
added 2025/06/30 6:0 a.m.26 views

CVE-2025-5730

CVE-2025-5730 affects the WordPress Contact Form Plugin prior to 1.1.29. The issue is caused by insufficient sanitization/escaping of certain plugin settings, allowing authenticated high-privilege users (e.g., contributors) to perform a Stored Cross-Site Scripting (XSS) attack. The vulnerability ...

4.3CVSS5.5AI score0.00206EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/06/30 6:0 a.m.27 views

CVE-2025-5730 Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS

The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

0.00206EPSS
Exploits1References1
Rows per page
Query Builder