CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52208 – WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-52208
03 Jan 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Constant Contact Constant Contact Forms. Este problema afecta a Constant Contact Forms: desde n/a hasta 2.4.2. The Constant Contact Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including... • https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-2-4-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24134 – Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24134
06 Sep 2020 — Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed. Una entrada no comprobada y una falta de codificación de salida en el plugin de WordPress Constant Contact Forms, versiones anteriores a 1.8.8, conllevan a múltiples vulnerabilidades de tipo Cross-Sit... • https://wpscan.com/vulnerability/8f3cca92-d072-4806-9142-7f1a987f840b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •