VYPR

Fws Ajax Contact Form

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-22761MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer Ajax Contact Form fws-ajax-contact-form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through <= 1.4.1.

  • CVE-2024-5809Jul 30, 2024
    risk 0.00cvss epss 0.00

    The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users

  • CVE-2024-5808Jul 30, 2024
    risk 0.00cvss epss 0.00

    The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack