2 matches found
CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2025-52743
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...