2964 matches found
CVE-2025-12718
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
CVE-2025-12718
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
EUVD-2026-3160
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
CVE-2025-12718
CVE-2025-12718 pertains to the Quick Contact Form plugin for WordPress. A vulnerability in the qcf_validate_form AJAX endpoint permits a user-controlled parameter to set the from address, enabling unauthenticated attackers to relay mail through the server to arbitrary recipients (Open Mail Relay)...
CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
WordPress plugin Quick Contact Form has a vulnerability regarding input validation errors.
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-3337
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf validate form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers...
CVE-2026-1004
CVE-2026-1004 affects the Essential Addons for Elementor plugin for WordPress (versions up to and including 6.5.5). The flaw, via the eael_product_quickview_popup function, allows unauthenticated attackers to exfiltrate WooCommerce product information for items with draft, pending, or private sta...
Astra Linux – Vulnerability in qtdeclarative-opensource-src
Unlimited or throttled resource allocation, improper validation of the specified quantity in input parameters, and vulnerabilities in The Qt Company’s Qt framework on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64-bit, and 32-bit platforms can lead to excessive resource allocation. This issue...
CVE-2023-43344
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component...
CVE-2023-43345
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component...
CVE-2018-12534
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress...
CVE-2009-4785
SQL injection vulnerability in the Quick News comquicknews component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewitem action to index.php...
CVE-2019-18670
In the Quick Access Service QAAdminAgent.exe in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability...
CVE-2019-20848
An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies...
CVE-2023-25035
Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1...
CVE-2023-31214
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through 2.0...
CVE-2023-25714
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25...
CVE-2025-23932
Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection.This issue affects Quick Count: from n/a through = 3.00...