VYPR

Contact Form Builder By Vcita

by Vcita

CVEs (4)

  • CVE-2025-32199MedApr 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyale-vc Contact Form Builder by vcita contact-form-with-a-meeting-scheduler-by-vcita allows DOM-Based XSS.This issue affects Contact Form Builder by vcita: from n/a through <=…

  • CVE-2023-2300MedJun 3, 2023
    risk 0.42cvss 6.4epss 0.01

    The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers…

  • CVE-2024-10056MedDec 5, 2024
    risk 0.35cvss 6.4epss 0.00

    The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2023-2301MedJun 3, 2023
    risk 0.33cvss 6.1epss 0.00

    The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to…