Vulnerabilities > Wpforms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-20 | CVE-2023-7063 | Cross-site Scripting vulnerability in Wpforms The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-10-04 | CVE-2023-3213 | Unspecified vulnerability in Wpforms WP Mail Smtp The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. | 5.3 |
| 2023-06-22 | CVE-2023-30500 | Cross-site Scripting vulnerability in Wpforms Contact Form and Wpforms Unauth. | 6.1 |
| 2023-06-07 | CVE-2019-25145 | Cross-site Scripting vulnerability in Wpforms Contact Form 1.5.9 The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2022-11-14 | CVE-2022-3574 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpforms PRO The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | 9.8 |
| 2020-03-24 | CVE-2020-10385 | Cross-site Scripting vulnerability in Wpforms Contact Form A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | 5.4 |