CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53806 – WordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2024-53806
02 Dec 2024 — Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7. The Maspik – Advanced Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.7. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to change plugin sett... • https://patchstack.com/database/wordpress/plugin/contact-forms-anti-spam/vulnerability/wordpress-maspik-plugin-2-2-7-csrf-to-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30549 – WordPress Contact Forms by Cimatti plugin <= 1.8.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30549
29 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.8.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Contact Forms by Cimatti de Cimatti Consulting para WordPress permite XSS almacenado. Este problema afecta a los formularios de contacto de Cimatti: desd... • https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29117 – WordPress Contact Forms by Cimatti plugin <= 1.7.0 - Unauthenticated Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29117
16 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Cimatti Consulting Contact Forms by Cimatti permite almacenar XSS. Este problema afecta los formularios de contacto de Cimatti: desde n/a hasta 1.7.0. Th... • https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-7-0-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25101 – WordPress Maspik – Spam blacklist Plugin <= 0.10.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-25101
12 Feb 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en yonifre Maspik – Spam Blacklist permite almacenar XSS. Este problema afecta a Maspik – Spam Blacklist: desde n/a hasta 0.10.6. The Maspik – Spam Blacklist plugin for Wo... • https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-10-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48271 – WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-48271
21 Nov 2023 — Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through 0.10.3. Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en yonifre Maspik – Spam blacklist permite acceder a funciones no restringidas adecuadamente por las ACL. Este problema afecta a Maspik – Spam blacklist: desde n/a hasta 0.10.3. The Maspik – Spam Blacklist plugin for W... • https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-9-2-ip-filtering-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-348: Use of Less Trusted Source •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34387 – WordPress Constant Contact Forms plugin <= 2.0.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-34387
03 Jun 2023 — Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3. The Constant Contact Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the constant_contact_optin_ajax_handler function in versions up to, and including, 1.14.0. This makes it possible for authenticated attackers, with subscriber... • https://patchstack.com/database/wordpress/plugin/constant-contact-forms/vulnerability/wordpress-constant-contact-forms-plugin-1-14-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40191 – WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-40191
08 Sep 2022 — Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado Autenticado (suscriptor+) en Ali Khallads Contact Form By Mega Forms plugin versiones anteriores a 1.2.4 incluyéndola, en WordPress The Contact Form By Mega Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sa... • https://patchstack.com/database/vulnerability/mega-forms/wordpress-contact-form-by-mega-forms-plugin-1-2-4-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2008-0560
https://notcve.org/view.php?id=CVE-2008-0560
04 Feb 2008 — PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function **CUESTIONADA**Vulnerabilidad de inclusión de archivo PHP remoto en cforms-css.php de Oliver Seidel cforms (contactforms), un plugin de Wordpress. Permite a atac... • http://securityreason.com/securityalert/3605 • CWE-94: Improper Control of Generation of Code ('Code Injection') •