Contact Form Builder By Vcita
by Vcita
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32199 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita contact-form-with-a-meeting-scheduler-by-vcita allows DOM-Based XSS.This issue affects Contact Form Builder by vcita: from n/a through <=… | ||
| CVE-2023-2300 | Med | 0.42 | 6.4 | 0.01 | Jun 3, 2023 | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers… | ||
| CVE-2024-10056 | Med | 0.35 | 6.4 | 0.00 | Dec 5, 2024 | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This… | ||
| CVE-2023-2301 | Med | 0.33 | 6.1 | 0.00 | Jun 3, 2023 | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to… |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita contact-form-with-a-meeting-scheduler-by-vcita allows DOM-Based XSS.This issue affects Contact Form Builder by vcita: from n/a through <=…
- risk 0.42cvss 6.4epss 0.01
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers…
- risk 0.35cvss 6.4epss 0.00
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This…
- risk 0.33cvss 6.1epss 0.00
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to…