Contact Form Security Vulnerabilities and Issues — Contact Form CVE List

cve

CVE-2021-34620

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions

8.8CVSS

8.2AI Score

0.002EPSS

2021-07-07 01:15 PM

33

7

cve

CVE-2022-3463

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection

9.8CVSS

9.5AI Score

0.003EPSS

2022-11-07 10:15 AM

41

5

cve

CVE-2023-0546

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to th...

5.4CVSS

5.8AI Score

0.001EPSS

2023-04-10 02:15 PM

35

cve

CVE-2023-24410

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fas...

9.8CVSS

9.8AI Score

0.001EPSS

2023-10-31 03:15 PM

68

cve

CVE-2024-0618

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes i...

4.8CVSS

5.3AI Score

0.001EPSS

2024-01-27 06:15 AM

54

cve

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it...

9.8CVSS

7.7AI Score

0.001EPSS

2024-05-18 08:15 AM

76

cve

CVE-2024-6518

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.5CVSS

5.1AI Score

0.001EPSS

2024-07-27 12:15 PM

27

cve

CVE-2024-6520

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.5CVSS

5.1AI Score

0.001EPSS

2024-07-27 12:15 PM

28

cve

CVE-2024-6521

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.5CVSS

5.1AI Score

0.001EPSS

2024-07-27 12:15 PM

25