Fluentforms

Contact Form

19 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 7.16%
  • Published 18.05.2024 08:15:07
  • Last modified 06.02.2025 18:37:34

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API...

  • EPSS 0.26%
  • Published 18.05.2024 08:15:07
  • Last modified 06.02.2025 18:38:03

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanit...

  • EPSS 26.83%
  • Published 18.05.2024 08:15:06
  • Last modified 06.02.2025 18:33:57

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all ver...

  • EPSS 0.23%
  • Published 13.03.2024 16:15:09
  • Last modified 04.04.2025 15:45:18

The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for...

Exploit
  • EPSS 0.14%
  • Published 27.01.2024 06:15:48
  • Last modified 21.11.2024 08:47:00

The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient inp...

  • EPSS 0.5%
  • Published 31.10.2023 15:15:08
  • Last modified 19.02.2025 22:15:13

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injec...

Exploit
  • EPSS 0.15%
  • Published 10.04.2023 14:15:08
  • Last modified 11.02.2025 21:15:10

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary JavaScript int...

Exploit
  • EPSS 1.31%
  • Published 07.11.2022 10:15:11
  • Last modified 01.05.2025 21:15:51

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection

Exploit
  • EPSS 0.22%
  • Published 07.07.2021 13:15:08
  • Last modified 21.11.2024 06:10:49

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX ...