CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

EUVD•added 2026/05/10 3:31 p.m.•2 views

EUVD-2021-34788

Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...

6.4CVSS5.7AI score0.00032EPSS

Exploits0References4

NVD•added 2026/05/10 1:16 p.m.•4 views

CVE-2021-47926

6.4CVSS0.00032EPSS

Exploits0References3

CVE•added 2026/05/10 12:43 p.m.•4 views

CVE-2021-47926

CVE-2021-47926 affects WordPress plugin Contact Form to Email 1.3.24, with a stored XSS in the form name field. Authenticated attackers can insert JavaScript in form names, which executes when other logged-in users access the form management page, enabling session hijacking or credential theft. R...

6.4CVSS5.7AI score0.00032EPSS

Exploits0References3

ATTACKERKB•added 2026/05/10 12:43 p.m.•2 views

CVE-2021-47926

6.4CVSS5.7AI score0.00032EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/10 12:43 p.m.•3 views

CVE-2021-47926 WordPress Contact Form to Email 1.3.24 Stored XSS

6.4CVSS5.7AI score0.00032EPSS

Exploits0References3

Cvelist•added 2026/05/10 12:43 p.m.•28 views

CVE-2021-47926 WordPress Contact Form to Email 1.3.24 Stored XSS

6.4CVSS0.00032EPSS

Exploits0References3

Positive Technologies•added 2026/05/10 12:0 a.m.•3 views

PT-2026-39502

6.4CVSS5.7AI score0.00032EPSS

Exploits0References4

CNNVD•added 2026/05/10 12:0 a.m.•3 views

WordPress Plugin Contact Form to Email 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00032EPSS

Exploits0References1

RedhatCVE•added 2026/02/18 7:23 a.m.•3 views

CVE-2026-2002

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the formname parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.7AI score0.00033EPSS

Exploits0References1

Cvelist•added 2026/02/17 4:35 a.m.•29 views

CVE-2026-2002 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.50.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4CVSS0.00033EPSS

Exploits0References2

Positive Technologies•added 2026/02/17 12:0 a.m.•4 views

PT-2026-8396

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name parameter in all versions up to, and including, 1.50.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.7AI score0.00033EPSS

Exploits0References3

CNNVD•added 2026/02/17 12:0 a.m.•2 views

WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder 跨站脚本漏洞

4.4CVSS5.7AI score0.00033EPSS

Exploits0References2

Patchstack•added 2026/01/09 9:27 p.m.•5 views

WordPress Woodpecker for WordPress plugin <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'formname' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Woodpecker for WordPress versions = 3.0.4...

6.4CVSS5.8AI score0.00059EPSS

Exploits0References1Affected Software1

NVD•added 2026/01/09 12:15 p.m.•2 views

CVE-2025-13967

The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formname' parameter of the woodpecker-connector shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00059EPSS

Exploits0References5

CNNVD•added 2026/01/09 12:0 a.m.•2 views

WordPress plugin Woodpecker for WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00059EPSS

Exploits0References5

Positive Technologies•added 2026/01/09 12:0 a.m.•2 views

PT-2026-1729

Name of the Vulnerable Software and Affected Versions Woodpecker for WordPress plugin versions up to and including 3.0.4 Description The Woodpecker for WordPress plugin is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the form na...

6.4CVSS5.8AI score0.00059EPSS

Exploits0References8

RedhatCVE•added 2025/10/26 7:16 a.m.•5 views

CVE-2025-9322

The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...

7.5CVSS6.8AI score0.001EPSS

Exploits0References1

CNNVD•added 2025/10/26 12:0 a.m.•1 views

WordPress plugin WP Full Pay SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

7.5CVSS7.5AI score0.001EPSS

Exploits0References3

EUVD•added 2025/10/25 9:32 a.m.•5 views

EUVD-2025-35924

7.5CVSS6.3AI score0.001EPSS

Exploits0References3

NVD•added 2025/10/25 7:15 a.m.•4 views

CVE-2025-9322

7.5CVSS0.001EPSS

Exploits0References2

Rows per page