EUVD-2024-54523

Malicious code in bioql PyPI...

WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin < 2.6.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Contact Form & SMTP Plugin versions 2.6.0...

CVE-2024-11273

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...

CVE-2024-11272 Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS

The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed fo...

PT-2025-12747 · Pirateforms · Contact Form & Smtp Plugin

Name of the Vulnerable Software and Affected Versions: The Contact Form & SMTP Plugin for WordPress by PirateForms versions prior to 2.6.0 Description: The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admins, ...

CVE-2019-25145

The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Contact Form & SMTP Plugin versions = 2.6.0...

CVE-2019-25145

The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

WordPress Plugin Contact Form & SMTP Plugin by PirateForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-11372 · Pirateforms · Contact Form & Smtp Plugin

Name of the Vulnerable Software and Affected Versions: Contact Form & SMTP Plugin by PirateForms versions up to, and including, 2.5.1 Description: The issue arises from insufficient input sanitization and output escaping in the 'public/class-pirateforms-public.php' file, allowing unauthenticated...