5 matches found
WordPress Easy Contact Form Lite plugin <= 1.1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin Easy Contact Form Lite versions = 1.1.28...
CVE-2025-5730
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2025-5730
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2025-5730
CVE-2025-5730 affects the WordPress Contact Form Plugin prior to 1.1.29. The issue is caused by insufficient sanitization/escaping of certain plugin settings, allowing authenticated high-privilege users (e.g., contributors) to perform a Stored Cross-Site Scripting (XSS) attack. The vulnerability ...
CVE-2025-5730 Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...