
CVE-2024-31302 – WordPress Contact Form Email plugin <= 1.3.44 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-31302
05 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44. The Contact Form Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, ... • https://patchstack.com/database/vulnerability/contact-form-to-email/wordpress-contact-form-email-plugin-1-3-44-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2023-5955 – Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-5955
14 Nov 2023 — The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/1b5fce7e-14fc-4548-8747-96fdd58fdd98 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2718 – Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-2718
16 May 2023 — The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. The Contact Form Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Message' field in versions up to, and including, 1.3.37 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses... • https://wpscan.com/vulnerability/8ad824a6-2d49-4f02-8252-393c59aa9705 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-42361 – Contact Form Email <= 1.3.24 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-42361
11 Nov 2021 — The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2628041%40contact-form-to-email&new=2628041%40contact-form-to-email&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-20963 – Contact Form Email <= 1.2.65 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20963
12 Aug 2019 — The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-20964 – Contact Form Email <= 1.2.65 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-20964
12 Aug 2019 — The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-9646 – Contact Form Email <= 1.2.65 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9646
05 Feb 2019 — The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scr... • https://packetstorm.news/files/id/151547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')