11 matches found
CVE-2025-12718
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user-controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
CVE-2025-12718
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user-controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
CVE-2025-12718
CVE-2025-12718 pertains to the Quick Contact Form plugin for WordPress. A vulnerability in the qcf_validate_form AJAX endpoint permits a user-controlled parameter to set the from address, enabling unauthenticated attackers to relay mail through the server to arbitrary recipients (Open Mail Relay)...
CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user-controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...
PT-2026-3337
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user-controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers...
CVE-2017-17794
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...
CVE-2017-17794
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...
BlogoText 'validate_form_preferences' function access restriction bypass vulnerability
BlogoText is a lightweight SQLite blogging engine. An access restriction bypass vulnerability exists in the 'validate_form_preferences' function in the admin/preferences.php file in BlogoText 3.7.6 and earlier versions. An attacker can exploit this vulnerability to bypass access restrictions...
WordPress Plugin Import CSV 1.0 - Directory Traversal
WordPress Plugin Import CSV 1.0 - Directory Traversal. Exploit Title: Wordpress Import CSV | Directory Traversal; Exploit Author: Wadeek; Website Author: https://github.com/Wad-Deek; Software Link: https://downloads.wordpress.org/plugin/xml-and-csv-import-in-article-content.zip; Stable Tag: 1.1; Tested...
Form Builder CSRF Vulnerability
Exploit for php platform in category web applications. Exploit Title: Form Builder CSRF; Author: Jonturk75; Vendor or Software Link: http://www.scripts.com/viewscript/form-builder/21967/; Category: webapps; Demo: http://phpscriptz.net/guestbookdemo/cp/login.php; Greetz: Inj3ct0r Exploit DataBase...
VisionLMS 1.0 (changePW.php) Remote Password Change Exploit
No description provided by source. <html> <head> <title>VisionLMS 1.0 | Change Password</title> <p> VisionLMS 1.0 Remote Password Change<br> Coded by Mr.tro0oqy<br> E-mail [email protected] --- Yemeni hacker<br> Greetz All my Friends<br> </p> <form enctype="multipart/form-data" method="post" name="form"...