Every CVE whose affected-product data names Wpforms Contact Form, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-25145 — CVSS 7.2 (high): The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the ‘public/class-pirateforms-public…
CVE-2024-11273 — CVSS 6.1 (medium): The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its…
CVE-2023-30500 — CVSS 5.8 (medium): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <=…
CVE-2020-10385 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress.