VYPR

Contact Form Builder

by WordPress

CVEs (5)

  • CVE-2024-35747Jun 10, 2024
    risk 0.00cvss epss 0.00

    Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7.

  • CVE-2022-23179Jan 16, 2024
    risk 0.00cvss epss 0.01

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2022-23180Jan 16, 2024
    risk 0.00cvss epss 0.01

    The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings

  • CVE-2023-46075Oct 26, 2023
    risk 0.00cvss epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.

  • CVE-2019-11557Apr 26, 2019
    risk 0.00cvss epss 0.01

    The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the…