Lucene search

K
CrmperksDatabase For Contact Form 7, Wpforms, Elementor Forms

7 matches found

CVE
CVE
added 2023/10/31 3:15 p.m.55 views

CVE-2023-31212

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through ...

9.8CVSS9.9AI score0.00441EPSS
CVE
CVE
added 2024/03/13 4:15 p.m.54 views

CVE-2024-2030

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.9AI score0.00189EPSS
CVE
CVE
added 2024/05/02 5:15 p.m.47 views

CVE-2024-3715

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

7.2CVSS6AI score0.014EPSS
CVE
CVE
added 2024/01/16 4:15 p.m.40 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.

7.8CVSS7.7AI score0.00294EPSS
CVE
CVE
added 2024/01/31 3:15 a.m.36 views

CVE-2024-1069

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...

7.2CVSS7.8AI score0.02852EPSS
CVE
CVE
added 2023/12/29 10:15 a.m.32 views

CVE-2023-31095

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8.

6.1CVSS5.5AI score0.00202EPSS
CVE
CVE
added 2025/08/13 5:15 a.m.18 views

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS8.7AI score0.00725EPSS