VYPR

Contact Form plugin

by WordPress

CVEs (11)

  • CVE-2022-3463CriNov 7, 2022
    risk 0.64cvss 9.8epss 0.01

    The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection

  • CVE-2013-7481MedAug 22, 2019
    risk 0.40cvss 6.1epss 0.01

    The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.

  • CVE-2017-18491MedAug 13, 2019
    risk 0.40cvss 6.1epss 0.01

    The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.

  • CVE-2016-10869MedAug 13, 2019
    risk 0.40cvss 6.1epss 0.01

    The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.

  • CVE-2015-9295MedAug 13, 2019
    risk 0.40cvss 6.1epss 0.01

    The contact-form-plugin plugin before 3.96 for WordPress has XSS.

  • CVE-2013-7475MedAug 13, 2019
    risk 0.40cvss 6.1epss 0.01

    The contact-form-plugin plugin before 3.52 for WordPress has XSS.

  • CVE-2023-0546MedApr 10, 2023
    risk 0.35cvss 5.4epss 0.00

    The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger…

  • CVE-2025-5730MedJun 30, 2025
    risk 0.28cvss 4.3epss 0.00

    The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

  • CVE-2023-44231MedOct 9, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.

  • CVE-2017-20055LowJun 16, 2022
    risk 0.23cvss 3.5epss 0.01

    A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the…

  • CVE-2014-125095LowApr 9, 2023
    risk 0.16cvss 3.5epss 0.01

    A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site…