Vulnerabilities > Wpforms

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-01-20 | CVE-2023-7063 | Cross-site Scripting vulnerability in Wpforms | The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. | network | low complexity | wpforms | CWE-79 | 6.1 |
| 2023-06-22 | CVE-2023-30500 | Unspecified vulnerability in Wpforms Contact Form and Wpforms | Unauth. | network | low complexity | wpforms | | 6.1 |
| 2023-06-07 | CVE-2019-25145 | Cross-site Scripting vulnerability in Wpforms Contact Form 1.5.9 | The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. | network | low complexity | wpforms | CWE-79 | 6.1 |
| 2022-11-14 | CVE-2022-3574 | Unspecified vulnerability in Wpforms PRO | The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | network | low complexity | wpforms | | critical, 9.8 |
| 2020-03-24 | CVE-2020-10385 | Cross-site Scripting vulnerability in Wpforms Contact Form | A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | network | low complexity | wpforms | CWE-79 | 5.4 |