Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by contact_form_submissions_project
CVE-2022-0248 (GCVE-0-2022-0248)
Vulnerability from nvd – Published: 2022-03-14 14:41 – Updated: 2024-08-02 23:18
VLAI
Title
Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS
Summary
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d02cf542-2d75-46… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2682024 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Contact Form Submissions |
Affected:
1.7.3 , < 1.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2682024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contact Form Submissions",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "1.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yoru Oni"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T14:41:25.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2682024"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Contact Form Submissions \u003c 1.7.3 - Unauthenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0248",
"STATE": "PUBLIC",
"TITLE": "Contact Form Submissions \u003c 1.7.3 - Unauthenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contact Form Submissions",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.3",
"version_value": "1.7.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yoru Oni"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2682024",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2682024"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0248",
"datePublished": "2022-03-14T14:41:25.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24125 (GCVE-0-2021-24125)
Vulnerability from nvd – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
VLAI
Title
Contact Form Submissions < 1.7.1 - Authenticated SQL Injection
Summary
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8591b3c9-b041-4f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Contact Form Submissions |
Affected:
1.7.1 , < 1.7.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contact Form Submissions",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.1",
"status": "affected",
"version": "1.7.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "minhtuanact + vigov5 SunCSR"
}
],
"descriptions": [
{
"lang": "en",
"value": "Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-09T17:13:59.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Contact Form Submissions \u003c 1.7.1 - Authenticated SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24125",
"STATE": "PUBLIC",
"TITLE": "Contact Form Submissions \u003c 1.7.1 - Authenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contact Form Submissions",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.1",
"version_value": "1.7.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "minhtuanact + vigov5 SunCSR"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24125",
"datePublished": "2021-03-18T14:57:48.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0248 (GCVE-0-2022-0248)
Vulnerability from cvelistv5 – Published: 2022-03-14 14:41 – Updated: 2024-08-02 23:18
VLAI
Title
Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS
Summary
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d02cf542-2d75-46… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2682024 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Contact Form Submissions |
Affected:
1.7.3 , < 1.7.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2682024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contact Form Submissions",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "1.7.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yoru Oni"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T14:41:25.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2682024"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Contact Form Submissions \u003c 1.7.3 - Unauthenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0248",
"STATE": "PUBLIC",
"TITLE": "Contact Form Submissions \u003c 1.7.3 - Unauthenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contact Form Submissions",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.3",
"version_value": "1.7.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yoru Oni"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2682024",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2682024"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0248",
"datePublished": "2022-03-14T14:41:25.000Z",
"dateReserved": "2022-01-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24125 (GCVE-0-2021-24125)
Vulnerability from cvelistv5 – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
VLAI
Title
Contact Form Submissions < 1.7.1 - Authenticated SQL Injection
Summary
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)
Severity
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8591b3c9-b041-4f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Contact Form Submissions |
Affected:
1.7.1 , < 1.7.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contact Form Submissions",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.1",
"status": "affected",
"version": "1.7.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "minhtuanact + vigov5 SunCSR"
}
],
"descriptions": [
{
"lang": "en",
"value": "Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-09T17:13:59.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Contact Form Submissions \u003c 1.7.1 - Authenticated SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24125",
"STATE": "PUBLIC",
"TITLE": "Contact Form Submissions \u003c 1.7.1 - Authenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contact Form Submissions",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.1",
"version_value": "1.7.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "minhtuanact + vigov5 SunCSR"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privilege user (admin+)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/8591b3c9-b041-4ff5-b8d9-6f9f81041178"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24125",
"datePublished": "2021-03-18T14:57:48.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}