3 matches found
CVE-2023-35911
CVE-2023-35911 concerns SQL Injection in the WordPress plugin Contact Form Generator (Creative form builder) for WordPress, affecting versions up to 2.6.0. The issue is described as Improper Neutralization of Special Elements used in an SQL Command, i.e., an SQL injection vulnerability. Affected ...
CVE-2023-37988
The CVE-2023-37988 entry corresponds to the WordPress plugin Contact Form Generator (Creative Solutions) with a reflected XSS flaw in versions
CVE-2015-6965
The CVE-2015-6965 entry describes multiple CSRF flaws in the WordPress Contact Form Generator plugin (version 2.0.1 and earlier) that allow an attacker to hijack administrator sessions by issuing crafted requests to the cfg_forms page under wp-admin/admin.php. Affected component is the plugin’s a...