VYPR

cforms

by WordPress

CVEs (2)

  • CVE-2010-3977Nov 3, 2010
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

  • CVE-2008-0560Feb 4, 2008
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and…