Contact Form By Mega Forms Security Vulnerabilities

CVE-2022-0163

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated user, such as a subscriber, to download data from arbitrary forms, which could include sensitive information such as PII depending on the form.

CVSS: 6.5

AI Score: 6.2

EPSS: 0.001

2022-03-07 09:15 AM

CVE-2022-3463

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection.

CVSS: 9.8

AI Score: 9.5

EPSS: 0.003

2022-11-07 10:15 AM

CVE-2022-40191

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

CVSS: 5.4

AI Score: 5.2

EPSS: 0.001

2022-09-09 03:15 PM