VYPR

Contact Form

by Stephen Ostermiller

CVEs (2)

  • CVE-2026-7052HigMay 28, 2026
    risk 0.47cvss 7.2epss 0.00

    The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'file_upload' parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2007-3352Jun 22, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe.