Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could b
The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated user
The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Sc
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Script
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pri
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pri
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against bot
The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scri
The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai
The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to pe
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross
The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to insuf
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficie
The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in
The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used
The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against
Page 1+ Next →