CVE-2025-26962 WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhozyLab Easy Contact Form Lite contact-form-lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through = 1.1.25...

WordPress Contact Form Plugin <= 2.0.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Form Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-44231 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eacc1253c5af Credits Nguyen Xuan Chien...