95 matches found
CVE-2019-25734
The CVE-2019-25734 entry concerns the WordPress plugin Contact Form by WD version 1.13.1. It describes a combined cross-site request forgery and local file inclusion vulnerability that lets unauthenticated attackers include arbitrary files by exploiting unsanitized action parameters. Attacks targ...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability
Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin Contact Form Entries versions <= 1.4.3...
CVE-2025-64231
Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files. This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through =...
CVE-2025-10019
CVE-2025-10019 is an authorization bypass affecting the WordPress plugin Contact Form Email (contact-form-to-email) up to version 1.3.60. The issue arises from a user-controlled key that enables an improper access-control security level, effectively exposing an insecure direct object reference (I...
EUVD-2023-12736
Malicious code in bioql PyPI...
CVE-2025-53304
CVE-2025-53304 concerns the WordPress plugin “Contact Form – 7: Hide Success Message.” It affects versions up to 1.1.4 and is described as a Missing Authorization vulnerability that allows accessing functionality not properly constrained by ACLs. The CVE entry indicates a base score of 5.3 (Mediu...
WordPress Contact Form plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by theviper17 in WordPress Plugin Contact Form versions <= 2.0.12...
WordPress Submission DOM tracking for Contact Form 7 plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Submission DOM tracking for Contact Form 7 versions <= 2.1...
CVE-2025-47491 WordPress Contact Form Widget plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery. This issue affects Contact Form Widget: from n/a through <= 1.4.6...
CVE-2025-26962 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS. This issue affects Easy Contact Form Lite: from n/a through <= 1.1.25...
CVE-2025-24727 WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS. This issue affects Contact Form Email: from n/a through <= 1.3.52...
WordPress plugin Contact Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
CVE-2023-47871 WordPress Contact Form to Any API plugin <= 1.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form to Any API: from n/a through 1.1.6...
WordPress Contact Form by WPForms Plugin < 1.9.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: < 1.9.1.6; Fixed in: 1.9.1.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7056; Patch priority: Low; CVSS severity: Low 5.9; PSID: 9dc8b02dd1d6; Credits: WPscan; Require...
WordPress Contact Form by WPForms Plugin <= 1.9.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Contact Form by WPForms; Type: Plugin; Vulnerable versions: <= 1.9.1.6; Fixed in: 1.9.2.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-10593; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3b41c5288f1e; Credits: Asaf...
WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form 7 – PayPal & Stripe Add-on; Type: Plugin; Vulnerable versions: <= 2.3.1; Fixed in: 2.3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10683; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 86607dd77930...
WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.5 is vulnerable to Sensitive Data Exposure
Software: Contact Form 7 Dynamic Text Extension; Type: Plugin; Vulnerable versions: <= 4.5; Fixed in: 4.5.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-10084; Patch priority: Low; CVSS severity: Low 4.3; PSID: 4a8f9f7ebcd8; Credits...
WordPress Contact Form 7 Telegram Plugin <= 0.8.5 is vulnerable to Broken Access Control
Software: Contact Form 7 Telegram; Type: Plugin; Vulnerable versions: <= 0.8.5; Fixed in: 0.8.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-9629; Patch priority: Low; CVSS severity: Low 5.4; PSID: bc9031e15885; Credits: István Márton; Required...
WordPress Contact Form by Supsystic Plugin <= 1.7.28 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form by Supsystic; Type: Plugin; Vulnerable versions: <= 1.7.28; Fixed in: 1.7.29; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-48046; Patch priority: Low; CVSS severity: Low 5.9; PSID: cce1073296d4; Credits: UKO; Required privile...
WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form 7 – PayPal & Stripe Add-on; Type: Plugin; Vulnerable versions: <= 2.3; Fixed in: 2.3.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-48021; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0e2541d5dd28; Credits: Le Ngoc An...