Contact Form plugin
by WordPress
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3463 | Cri | 0.64 | 9.8 | 0.01 | Nov 7, 2022 | The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection | ||
| CVE-2013-7481 | Med | 0.40 | 6.1 | 0.01 | Aug 22, 2019 | The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | ||
| CVE-2017-18491 | Med | 0.40 | 6.1 | 0.01 | Aug 13, 2019 | The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. | ||
| CVE-2016-10869 | Med | 0.40 | 6.1 | 0.01 | Aug 13, 2019 | The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. | ||
| CVE-2015-9295 | Med | 0.40 | 6.1 | 0.01 | Aug 13, 2019 | The contact-form-plugin plugin before 3.96 for WordPress has XSS. | ||
| CVE-2013-7475 | Med | 0.40 | 6.1 | 0.01 | Aug 13, 2019 | The contact-form-plugin plugin before 3.52 for WordPress has XSS. | ||
| CVE-2023-0546 | Med | 0.35 | 5.4 | 0.00 | Apr 10, 2023 | The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger… | ||
| CVE-2025-5730 | Med | 0.28 | 4.3 | 0.00 | Jun 30, 2025 | The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | ||
| CVE-2023-44231 | Med | 0.28 | 4.3 | 0.00 | Oct 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions. | ||
| CVE-2017-20055 | Low | 0.23 | 3.5 | 0.01 | Jun 16, 2022 | A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the… | ||
| CVE-2014-125095 | Low | 0.16 | 3.5 | 0.01 | Apr 9, 2023 | A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site… |
- risk 0.64cvss 9.8epss 0.01
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection
- risk 0.40cvss 6.1epss 0.01
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
- risk 0.40cvss 6.1epss 0.01
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.
- risk 0.40cvss 6.1epss 0.01
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.
- risk 0.40cvss 6.1epss 0.01
The contact-form-plugin plugin before 3.96 for WordPress has XSS.
- risk 0.40cvss 6.1epss 0.01
The contact-form-plugin plugin before 3.52 for WordPress has XSS.
- risk 0.35cvss 5.4epss 0.00
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger…
- risk 0.28cvss 4.3epss 0.00
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.
- risk 0.23cvss 3.5epss 0.01
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the…
- risk 0.16cvss 3.5epss 0.01
A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site…