CVE-2020-10385
CVE-2020-10385 describes a stored cross-site scripting (XSS) vulnerability in the WordPress plugin WPForms Lite (wpforms-lite) before version 1.5.9. The root cause is insufficient validation/sanitization of user input in the Form Description and Field Description fields, enabling injected scripts...
CVE-2024-11273
CVE-2024-11273 affects the WordPress plugin "Contact Form & SMTP Plugin for WordPress by PirateForms" prior to version 2.6.0. The issue is due to insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admin), even when unfiltere...
CVE-2023-30500
CVE-2023-30500: Unauthenticated reflected XSS in WordPress WPForms Lite (wpforms-lite) and WPForms Pro (wpforms)
CVE-2019-25145
CVE-2019-25145 concerns the WordPress plugin “Contact Form & SMTP Plugin by PirateForms.” The vulnerability affects public/class-pirateforms-public.php up to version 2.5.1 and stems from insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary...