Vulnerabilities > Wpforms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-20 | CVE-2023-7063 | Cross-site Scripting vulnerability in Wpforms The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. | 6.1 |
2023-06-22 | CVE-2023-30500 | Unspecified vulnerability in Wpforms Contact Form and Wpforms Unauth. | 6.1 |
2023-06-07 | CVE-2019-25145 | Cross-site Scripting vulnerability in Wpforms Contact Form 1.5.9 The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. | 6.1 |
2022-11-14 | CVE-2022-3574 | Unspecified vulnerability in Wpforms PRO The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | 9.8 |
2020-03-24 | CVE-2020-10385 | Cross-site Scripting vulnerability in Wpforms Contact Form A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | 5.4 |