CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 5CVE-2020-10385 – Contact Form by WPForms <= 1.5.8.2 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-10385
18 Feb 2020 — A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. Hay una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el plugin WPForms Contact Form (también se conoce como wpforms-lite) versiones anteriores a la versión 1.5.9 para WordPress. WordPress WPForms plugin version 1.5.8.2 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/156910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10869 – Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress <= 4.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10869
13 Aug 2019 — The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. El complemento contact-form-plugin anterior de 4.0.2 para WordPress tiene XSS • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25145 – Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection
https://notcve.org/view.php?id=CVE-2019-25145
27 Jul 2019 — The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims. • https://blog.nintechnet.com/html-injection-vulnerability-in-wordpress-pirate-forms-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-11591 – Contact Form by WD <= 1.13.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-11591
05 Apr 2019 — The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. El plugin Contact Form de WebDorado anterior a la versión 1.13.5 para WordPress, permite CSRF por medio del parámetro action en el archivo wp-admin/admin-ajax. php, con la inclusión de archivos l... • http://seclists.org/fulldisclosure/2019/Apr/37 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-352: Cross-Site Request Forgery (CSRF) CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2017-2171
https://notcve.org/view.php?id=CVE-2017-2171
22 May 2017 — Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Post... • http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9295 – Contact Form by BestWebSoft <= 3.95 - ReflectedCross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9295
12 Apr 2017 — The contact-form-plugin plugin before 3.96 for WordPress has XSS. El complemento contact-form-plugin anterior a 3.96 para WordPress tiene XSS. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.95 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can tric... • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18491 – Advanced Contact Us Form Builder for WordPress <= 4.0.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18491
12 Apr 2017 — The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. El complemento contact-form-plugin anterior de 4.0.6 para WordPress tiene múltiples problemas XSS. The Advanced Contact Us Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scrip... • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125095 – BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render cross site scripting
https://notcve.org/view.php?id=CVE-2014-125095
07 Aug 2014 — A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. • https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7481 – Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7481
26 Aug 2013 — The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. El plugin contact-form-plugin versiones anteriores a 3.3.5 para WordPress, presenta una vulnerabilidad de tipo XSS. The Contact Form By BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.34 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7475 – Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7475
13 Aug 2013 — The contact-form-plugin plugin before 3.52 for WordPress has XSS. El complemento contact-form-plugin antes de 3.52 para WordPress tiene XSS. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.51 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. CVE-2013-10022 may be a duplicate of this issue. • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •