VYPR

Contact Form, Drag and Drop Form Builder

by WordPress

CVEs (3)

  • CVE-2022-50959MedMay 10, 2026
    risk 0.40cvss 6.1epss 0.00

    WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in…

  • CVE-2021-24907MedDec 21, 2021
    risk 0.40cvss 6.1epss 0.01

    The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

  • CVE-2021-24689MedFeb 28, 2022
    risk 0.32cvss 4.9epss 0.01

    The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack