Vulnerabilities > Contact Form Submissions Project

DATE CVE VULNERABILITY TITLE RISK
2022-03-14 CVE-2022-0248 Cross-site Scripting vulnerability in Contact Form Submissions Project Contact Form Submissions
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. 		4.3
4.3
2021-03-18 CVE-2021-24125 SQL Injection vulnerability in Contact Form Submissions Project Contact Form Submissions
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)
network
low complexity
contact-form-submissions-project CWE-89
6.5
6.5