VYPR

Contact List

by WordPress

CVEs (1)

  • CVE-2026-3516MedMar 21, 2026
    risk 0.35cvss 6.4epss 0.00

    The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_iframe' parameter in all versions up to, and including, 3.0.18. This is due to insufficient input sanitization and output escaping when handling the Google Maps iframe custom…