CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2026/06/05 7:22 p.m.•8 views

CVE-2026-7052

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.6AI score0.00292EPSS

Exploits0References1

NVD•added 2026/05/28 8:16 a.m.•9 views

CVE-2026-7052

7.2CVSS0.00292EPSS

Exploits0References12

ATTACKERKB•added 2026/05/28 6:45 a.m.•8 views

CVE-2026-7052

7.2CVSS6AI score0.00292EPSS

Exploits0References13

Vulnrichment•added 2026/05/28 6:45 a.m.•7 views

CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field

7.2CVSS6AI score0.00292EPSS

Exploits0References12

EUVD•added 2026/05/28 6:45 a.m.•8 views

EUVD-2026-32740

7.2CVSS6AI score0.00292EPSS

Exploits0References12

CVE•added 2026/05/28 6:45 a.m.•13 views

CVE-2026-7052

The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...

7.2CVSS6AI score0.00292EPSS

Exploits0References12

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

PT-2026-44200

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file upload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00292EPSS

Exploits0References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by