Vulnerabilities and security researches forcontact-form-lite contact-form-lite

Jun 06, 2024

CVE, Research URL: CVE-2024-32147
Home page URL: Security reports for Contact Form Plugin
Application: Contact Form Plugin
Date: Apr 15, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23.
Affected versions: max 1.1.25.
Status: vulnerable

CVE, Research URL: a30bb1e7ee0c6b6b2e3da62aa75e10d8b38ee964
Home page URL: Security reports for Contact Form Plugin
Application: Contact Form Plugin
Date: Aug 17, 2011
Research Description: Contact Form Plugin [contact-form-lite] < 1.0.8 WordPress Easy Contact Form Lite Plugin <= 1.0.7 - SQL Injection This WordPress Easy Contact Form Lite plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Update the plugin.
Affected versions: max 1.0.8.
Status: vulnerable

CVE, Research URL: CVE-2017-20055
Home page URL: Security reports for Contact Form Plugin
Application: Contact Form Plugin
Date: Jun 16, 2022
Research Description: A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component.
Affected versions: max 4.0.2.
Status: vulnerable

Feb 27, 2025

CVE, Research URL: CVE-2025-26962
Home page URL: Security reports for Contact Form Plugin
Application: Contact Form Plugin
Date: Feb 25, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite allows Stored XSS. This issue affects Easy Contact Form Lite : from n/a through 1.1.25.
Affected versions: max 1.1.27.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-5730
Home page URL: Security reports for Contact Form Plugin
Application: Contact Form Plugin
Date: Jun 30, 2025
Research Description: The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
Affected versions: max 1.1.29.
Status: vulnerable