Contact Form Entries
Approved changes feed: RSS · Atom
cpe:2.3:a:crmperks:contact_form_entries:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Crmperks (975241d0-4916-584a-bd9d-200ff8bf9f85) |
|---|---|
| Product | Contact Form Entries (4ff01681-978d-5a49-a2e7-a1151d53cf1b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-25080 |
vulnerable | 2026-06-03 14:44:04.383753 |
Contact Form Entries < 1.1.7 - Unauthenticated Stored Cross-Site Scripting
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry
Published: 2022-01-24T08:01:28.000Z
Updated: 2024-08-03T19:56:09.996Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25079 |
vulnerable | 2026-06-03 14:44:04.383303 |
Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting
The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page
Published: 2022-01-24T08:01:27.000Z
Updated: 2024-08-03T19:56:09.871Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.