4 matches found
CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field
The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-8096
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
Silverstripe Form Capture vulnerable to stored cross-site-scripting
Impact Improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack Patches The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge...
CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...