Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Contact Form Submissions Project Subscribe
Filtered by product Contact Form Submissions
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0248 1 Contact Form Submissions Project 1 Contact Form Submissions 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission
CVE-2021-24125 1 Contact Form Submissions Project 1 Contact Form Submissions 2024-11-21 6.5 MEDIUM 7.2 HIGH
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)