Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/28 6:45 a.m.35 views

CVE-2026-7052 HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fileupload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00292EPSS
Exploits0References12
NVD
NVD
added 2026/05/19 7:16 p.m.17 views

CVE-2026-8096

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

6.5CVSS0.00404EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/04/03 9:6 p.m.23 views

Silverstripe Form Capture vulnerable to stored cross-site-scripting

Impact Improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack Patches The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge...

6.1CVSS5.1AI score0.00393EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2023/04/03 5:36 p.m.5 views

CVE-2023-28851 Silverstripe Form Capture vulnerable to Stored Cross-Site Scripting

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a...

6.1CVSS6AI score0.00393EPSS
Exploits0References2
Rows per page
Query Builder