Contact Form
Approved changes feed: RSS · Atom
cpe:2.3:a:wpforms:contact_form:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Wpforms (a5101ed2-31b2-593d-b803-e4eaf9633dac) |
|---|---|
| Product | Contact Form (6c13c43d-c428-5231-a995-d0fac3c53d16) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/milindmore22/wpforms-lite |
purl2cpe | 2026-06-01 10:16:42.959852 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-11273 |
vulnerable | 2026-06-08 06:23:49.285616 |
Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS
The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2025-03-25T06:00:10.410Z
Updated: 2025-03-25T13:57:42.934Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-30500 |
vulnerable | 2026-06-08 06:04:39.675679 |
WordPress WPForms plugins - Reflected Cross Site Scripting (XSS) vulnerability
MEDIUM (5.8)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.
Published: 2023-06-22T11:45:21.403Z
Updated: 2026-04-28T16:08:19.258Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10385 |
vulnerable | 2026-06-08 05:16:35.165790 |
Details available
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.
Published: 2020-03-11T04:07:16.000Z
Updated: 2024-08-04T10:58:40.560Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-25145 |
vulnerable | 2026-06-08 05:13:42.012738 |
Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection
HIGH (7.2)
The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public.php’ file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims.
Published: 2023-06-07T01:51:33.912Z
Updated: 2026-04-08T17:11:43.738Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.