New Contact Form Widget
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17072 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. | ||
| CVE-2025-47491 | Hig | 0.48 | 7.4 | 0.00 | May 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.6. | ||
| CVE-2025-62134 | Med | 0.35 | 5.4 | 0.00 | Dec 31, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.5.1. | ||
| CVE-2024-48037 | Med | 0.35 | 5.4 | 0.00 | Oct 17, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.2. | ||
| CVE-2024-34754 | Med | 0.34 | 5.3 | 0.00 | Jun 3, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget.This issue affects Contact Form Widget: from n/a through 1.3.9. |
- risk 0.64cvss 9.8epss 0.02
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
- risk 0.48cvss 7.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.6.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.5.1.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget new-contact-form-widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through <= 1.4.2.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Contact Form Widget.This issue affects Contact Form Widget: from n/a through 1.3.9.