CVE-2024-11273
- EPSS 0.03%
- Veröffentlicht 25.03.2025 06:00:10
- Zuletzt bearbeitet 15.05.2025 19:05:33
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
CVE-2024-56276
- EPSS 0.26%
- Veröffentlicht 07.01.2025 11:15:09
- Zuletzt bearbeitet 12.08.2025 18:49:02
Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through 1.9.2.2.
CVE-2023-30500
- EPSS 0.1%
- Veröffentlicht 22.06.2023 12:15:11
- Zuletzt bearbeitet 21.11.2024 08:00:18
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.
CVE-2019-25145
- EPSS 0.35%
- Veröffentlicht 07.06.2023 02:15:10
- Zuletzt bearbeitet 21.11.2024 04:39:58
The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. T...
CVE-2020-10385
- EPSS 0.57%
- Veröffentlicht 24.03.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:12
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.