CVE-2024-11273
- EPSS 0.03%
- Published 25.03.2025 06:00:10
- Last modified 15.05.2025 19:05:33
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
CVE-2024-56276
- EPSS 0.26%
- Published 07.01.2025 11:15:09
- Last modified 12.08.2025 18:49:02
Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through 1.9.2.2.
CVE-2023-30500
- EPSS 0.1%
- Published 22.06.2023 12:15:11
- Last modified 21.11.2024 08:00:18
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.
CVE-2019-25145
- EPSS 0.35%
- Published 07.06.2023 02:15:10
- Last modified 21.11.2024 04:39:58
The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. T...
CVE-2020-10385
- EPSS 0.57%
- Published 24.03.2020 16:15:12
- Last modified 21.11.2024 04:55:12
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.