Vulnerabilities and security researches forcontact-form-to-any-api contact-form-to-any-api

May 02, 2026

CVE, Research URL: CVE-2026-39449
Home page URL: Security reports for Contact Form to Any API
Application: Contact Form to Any API
Date: -
Research Description: Contact Form to Any API [contact-form-to-any-api] <= 3.0.3 (unfixed) CVE-2026-39449
Affected versions: max 3.0.3.
Status: vulnerable

Sep 26, 2024

CVE, Research URL: CVE-2024-7617
Home page URL: Security reports for Contact Form to Any API
Application: Contact Form to Any API
Date: Sep 25, 2024
Research Description: The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.2.5.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-47871
Home page URL: Security reports for Contact Form to Any API
Application: Contact Form to Any API
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6.
Affected versions: max 1.1.7.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-30242
Home page URL: Security reports for Contact Form to Any API
Application: Contact Form to Any API
Date: Mar 28, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8.
Affected versions: max 1.1.9.
Status: vulnerable

CVE, Research URL: CVE-2023-32741
Home page URL: Security reports for Contact Form to Any API
Application: Contact Form to Any API
Date: Nov 04, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.
Affected versions: max 1.1.3.
Status: vulnerable