Vulnerabilities and security researches forconstant-contact-forms constant-contact-forms

Jun 07, 2024

CVE, Research URL: CVE-2021-24134
Home page URL: Security reports for Constant Contact Forms
Application: Constant Contact Forms
Date: Mar 18, 2021
Research Description: Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed.
Affected versions: max 1.8.8.
Status: vulnerable

CVE, Research URL: CVE-2023-52208
Home page URL: Security reports for Constant Contact Forms
Application: Constant Contact Forms
Date: Jan 09, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2.
Affected versions: max 2.4.3.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-34387
Home page URL: Security reports for Constant Contact Forms
Application: Constant Contact Forms
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3.
Affected versions: max 2.0.0.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 6932a3b9ec54901b3c34f0ba15be26a4cc50ac15
Home page URL: Security reports for Constant Contact Forms
Application: Constant Contact Forms
Date: Sep 06, 2020
Research Description: Constant Contact Forms [constant-contact-forms] < 1.8.8 WordPress Constant Contact Forms plugin <= 1.8.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities found by Nguyen Anh Tien (SunCSR) in WordPress Constant Contact Forms plugin (versions <= 1.8.7).
Affected versions: max 1.8.8.
Status: vulnerable

CVE, Research URL: 4079de0c7dcbef3d761b9e86ceaee2e13cf52e71
Home page URL: Security reports for Constant Contact Forms
Application: Constant Contact Forms
Date: Jun 15, 2023
Research Description: Constant Contact Forms [constant-contact-forms] < 2.0.3 Constant Contact Forms <= 2.0.2 - Missing Authorization via constant_contact_privacy_ajax_handler The Constant Contact Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the constant_contact_privacy_ajax_handler function in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the plugin's privacy agreement settings.
Affected versions: max 2.0.3.
Status: vulnerable