Contact form
This hub aggregates every CVE we track for Contact form, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
21
CVEs tracked
0
Critical
4
High
0
In CISA KEV
Severity distribution
MEDIUM14HIGH4LOW3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Contact form.
- CVE-2019-25145Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection7.2
- CVE-2023-0546FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field5.4
- CVE-2014-125095BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render cross site scripting3.5
- CVE-2012-10010BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery4.3
- CVE-2013-10022BestWebSoft Contact Form Plugin contact_form.php cntctfrm_check_form cross site scripting3.5
- CVE-2017-20055BestWebSoft Contact Form Plugin Stored cross site scriting3.5
- CVE-2021-24777Hotscot Contact Form < 1.3 - Admin+ SQL Injection7.2
- CVE-2021-24689Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read4.9
- CVE-2021-24381NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting4.8
- CVE-2021-34620CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation8.8
- CVE-2021-24276Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)6.1
- CVE-2020-10385A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.5.4
- CVE-2013-7481The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.6.1
- CVE-2017-18491The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.6.1
- CVE-2016-10869The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.6.1
Product normalization is registry-driven with AI assist and human review. How it works