VYPR

Contact Form Entries

by WordPress

CVEs (9)

  • CVE-2022-3604 | High | Jan 16, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection.

  • CVE-2024-3715 | High | May 2, 2024
    risk 0.47 | cvss 7.2 | epss 0.01

    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2023-33311 | Medium | May 28, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions.

  • CVE-2024-1069 | High | Jan 31, 2024
    risk 0.40 | cvss 7.2 | epss 0.01

    The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities…

  • CVE-2021-25079 | Medium | Jan 24, 2022
    risk 0.40 | cvss 6.1 | epss 0.07

    The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search, before outputting them back in the admin page.

  • CVE-2021-25080 | Medium | Jan 24, 2022
    risk 0.39 | cvss 6.1 | epss 0.84

    The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing…

  • CVE-2024-2030 | Medium | Mar 13, 2024
    risk 0.35 | cvss 6.4 | epss 0.01

    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2026-0825 | Medium | Jan 28, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers…

  • CVE-2026-9843 | Jun 20, 2026
    risk 0.00 | cvss | epss 0.01

    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the view_page function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated…