CVE-2023-52208 – WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-52208
03 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2. The Constant Contact Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including... • https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-2-4-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-44740 – WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-44740
28 Oct 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform actions ... • https://patchstack.com/database/vulnerability/creative-mail-by-constant-contact/wordpress-creative-mail-plugin-1-5-4-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-40686 – WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40686
28 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on settings change. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins via forged r... • https://patchstack.com/database/vulnerability/creative-mail-by-constant-contact/wordpress-creative-mail-plugin-1-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-40687 – WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-40687
28 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugin <= 1.5.4 on WordPress. The Creative Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on settings change. This makes it possible for unauthenticated attackers to reset the plugin's settings via forged re... • https://github.com/williamkhepri/CVE-2022-40687-metasploit-scanner • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24134 – Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24134
06 Sep 2020 — Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed a high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded. • https://wpscan.com/vulnerability/8f3cca92-d072-4806-9142-7f1a987f840b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')