Vulnerabilities > Wpforms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-20 | CVE-2023-7063 | Cross-site Scripting vulnerability in Wpforms The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-06-22 | CVE-2023-30500 | Unspecified vulnerability in Wpforms Contact Form and Wpforms Unauth. | 6.1 |
| 2023-06-07 | CVE-2019-25145 | Cross-site Scripting vulnerability in Wpforms Contact Form 1.5.9 The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. | 6.1 |
| 2020-03-24 | CVE-2020-10385 | Cross-site Scripting vulnerability in Wpforms Contact Form A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. | 5.4 |