VYPR

The Contact Form & SMTP Plugin by PirateForms

by WordPress

CVEs (3)

  • CVE-2024-13453HigJan 30, 2025
    risk 0.47cvss 7.3epss 0.01

    The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the software allowing users to execute an action that does not properly validate a…

  • CVE-2024-11273MedMar 25, 2025
    risk 0.40cvss 6.1epss 0.00

    The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html…

  • CVE-2024-11272MedMar 25, 2025
    risk 0.40cvss 6.1epss 0.00

    The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html…