Advanced Angular Contact Form

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-23658	WordPress Advanced Angular Contact Form	Hig	0.46	7.1	0.00		Feb 14, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced Angular Contact Form: from n/a through <= 1.1.0.
CVE-2026-0811	WordPress Advanced Angular Contact Form	Med	0.35	5.4	0.00		Apr 8, 2026	The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for unauthenticated attackers to delete form entry via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2025-23658HigFeb 14, 2025
WordPress
Advanced Angular Contact Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced Angular Contact Form: from n/a through <= 1.1.0.
CVE-2026-0811MedApr 8, 2026
WordPress
Advanced Angular Contact Form
risk 0.35cvss 5.4epss 0.00
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for unauthenticated attackers to delete form entry via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.