Lucene search

36 matches found

CVE
added 2026/06/04 1:22 p.m., 8 views

CVE-2019-25734

The CVE-2019-25734 entry concerns the WordPress plugin Contact Form by WD version 1.13.1. It describes a combined cross-site request forgery and local file inclusion vulnerability that lets unauthenticated attackers include arbitrary files by exploiting unsanitized action parameters. Attacks targ...

5.1 CVSS, 5.8 AI score, 0.0008 EPSS
Exploits: 0, References: 4
CVE
added 2025/12/18 7:21 a.m., 11 views

CVE-2025-10019

CVE-2025-10019 is an authorization bypass affecting the WordPress plugin Contact Form Email (contact-form-to-email) up to version 1.3.60. The issue arises from a user-controlled key that enables an improper access-control security level, effectively exposing an insecure direct object reference (I...

6.5 CVSS, 6.6 AI score, 0.00054 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-12736

Malicious code in bioql PyPI...

5.4 CVSS, 6.6 AI score, 0.00198 EPSS
Exploits: 0, References: 3
CVE
added 2025/06/27 1:21 p.m., 16 views

CVE-2025-53304

CVE-2025-53304 concerns the WordPress plugin “Contact Form – 7: Hide Success Message.” It affects versions up to 1.1.4 and is described as a Missing Authorization vulnerability that allows accessing functionality not properly constrained by ACLs. The CVE entry indicates a base score of 5.3 (Mediu...

5.3 CVSS, 5.2 AI score, 0.00229 EPSS
Exploits: 0, References: 1
Patchstack
added 2025/06/05 1:24 a.m., 8 views

WordPress Contact Form plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Contact Form versions <= 2.0.12...

6.5 CVSS, 6 AI score, 0.00143 EPSS
Exploits: 0, Affected Software: 1
CNNVD
added 2024/12/14 12:0 a.m., 2 views

WordPress plugin Contact Form cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

7.2 CVSS, 7.7 AI score, 0.01684 EPSS
Exploits: 0, References: 3
Cvelist
added 2024/12/09 11:30 a.m., 45 views

CVE-2023-47871 WordPress Contact Form to Any API plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form to Any API: from n/a through 1.1.6...

4.3 CVSS, 0.00123 EPSS
Exploits: 2, References: 1
Patchstack
added 2024/11/25 12:0 a.m., 10 views

WordPress Contact Form by WPForms Plugin < 1.9.1.6 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: < 1.9.1.6; Fixed in: 1.9.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7056; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 9dc8b02dd1d6; Credits: WPscan; Require...

4.8 CVSS, 6 AI score, 0.00194 EPSS
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2024/11/12 12:0 a.m., 15 views

WordPress Contact Form by WPForms Plugin <= 1.9.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: <= 1.9.1.6; Fixed in: 1.9.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-10593; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 3b41c5288f1e; Credits: Asaf...

4.3 CVSS, 6.6 AI score, 0.0016 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/10/14 12:0 a.m., 10 views

WordPress Contact Form by Supsystic Plugin <= 1.7.28 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Form by Supsystic; Type: Plugin; Vulnerable versions: <= 1.7.28; Fixed in: 1.7.29; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-48046; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: cce1073296d4; Credits: UKO; Required privile...

5.9 CVSS, 6.2 AI score, 0.00108 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/09/24 12:0 a.m., 40 views

WordPress Contact Form to Any API Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Form to Any API; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7617; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 8a05dbbe144d; Credits: Jorgson...

7.2 CVSS, 5.7 AI score, 0.02213 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/07/03 12:0 a.m., 7 views

WordPress Contact Form 7 Multi-Step Addon Plugin <= 1.0.5 is vulnerable to Backdoor

Software: Contact Form 7 Multi-Step Addon; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.7; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: N/A; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 8aae8a0dc1cb; Credits: Sansec.io; Required privilege: Unauthenticated...

7.2 AI score
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/07/03 12:0 a.m., 3 views

WordPress Contact Form by TotalForm Plugin <= 1.0.0 is vulnerable to Backdoor

Software: Contact Form by TotalForm; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.1.0; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: N/A; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 0dad1dc6ec75; Credits: Sansec.io; Required privilege: Unauthenticated; Published ...

7.2 AI score
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/05/23 12:0 a.m., 8 views

WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection

Software: Contact Form & Lead Form Elementor Builder; Type: Plugin; Vulnerable versions: <= 1.9.1; Fixed in: 1.9.2; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-4261; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 5d051149eabf; Credits: stealthcopter...

5.4 CVSS, 6.8 AI score, 0.00594 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/05/02 12:0 a.m., 18 views

WordPress Contact Form by WPForms Plugin <= 1.8.7.2 is vulnerable to Broken Access Control

Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: <= 1.8.7.2; Fixed in: 1.8.8.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3649; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: f3183fdcee99; Credits: Asaf Mozes; Require...

5.3 CVSS, 6.6 AI score, 0.00249 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/04/29 12:0 a.m., 10 views

WordPress Contact Form 7 Database Addon – CFDB7 Plugin <= 1.2.6.8 is vulnerable to Sensitive Data Exposure

Software: Contact Form 7 Database Addon – CFDB7; Type: Plugin; Vulnerable versions: <= 1.2.6.8; Fixed in: 1.2.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-3870; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: b218289620d7; Credits: Ti...

5.3 CVSS, 6.5 AI score, 0.00982 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2024/03/26 12:0 a.m., 7 views

WordPress Contact Form to Any API Plugin <= 1.1.8 is vulnerable to SQL Injection

Software: Contact Form to Any API; Type: Plugin; Vulnerable versions: <= 1.1.8; Fixed in: 1.1.9; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30242; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: f2d596609a9a; Credits: Le Ngoc Anh; Required privilege: Subscrib...

8.5 CVSS, 7.2 AI score, 0.00281 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2024/03/14 12:0 a.m., 7 views

WordPress Contact Form by BestWebSoft Plugin <= 4.2.8 is vulnerable to Cross Site Scripting (XSS)

Software: Contact Form by BestWebSoft; Type: Plugin; Vulnerable versions: <= 4.2.8; Fixed in: 4.2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2198; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: b02a52616ddf; Credits...

6.1 CVSS, 5.6 AI score, 0.01268 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2023/10/16 12:0 a.m., 10 views

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.27 is vulnerable to Broken Access Control

Software: Contact Form builder with drag & drop - Kali Forms; Type: Plugin; Vulnerable versions: <= 2.3.27; Fixed in: 2.3.28; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46083; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 538b41872f6e...

6.6 AI score, 0.00176 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/10/12 12:0 a.m., 7 views

WordPress Contact Form With Captcha Plugin <= 1.6.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Contact Form With Captcha; Type: Plugin; Vulnerable versions: <= 1.6.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45771; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 79f7e7f9285e; Credits: LEE SE...

7.1 CVSS, 6 AI score, 0.00144 EPSS
Exploits: 0, References: 1, Affected Software: 1