2 matches found
CVE-2024-7617
CVE-2024-7617 concerns the WordPress plugin Contact Form to Any API. It is vulnerable to unauthenticated Stored XSS via Contact Form 7 form fields in all versions up to and including 1.2.2, due to insufficient input sanitization and output escaping. Attackers can inject arbitrary scripts that exe...
CVE-2023-32741
CVE-2023-32741 covers a SQL Injection vulnerability in the WordPress plugin “Contact Form to Any API” (versions