← Back

Contact Form Entries

contact_form_entries

Vendor: Crmperks • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-25080
1Crmperks
1Contact Form Entries
Nov 21, 2024
Jan 24, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cros...Show more
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entryShow less
CVE-2021-25079
1Crmperks
1Contact Form Entries
Nov 21, 2024
Jan 24, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page