Vulnerabilities and security researches forcontact-forms-builder contact-forms-builder

Jun 06, 2024

CVE, Research URL: CVE-2023-46075
Home page URL: Security reports for Contact Form Builder, Contact Widget
Application: Contact Form Builder, Contact Widget
Date: Oct 26, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.
Affected versions: max 2.1.7.
Status: vulnerable

Jun 11, 2024

CVE, Research URL: CVE-2024-35747
Home page URL: Security reports for Contact Form Builder, Contact Widget
Application: Contact Form Builder, Contact Widget
Date: Jun 10, 2024
Research Description: Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7.
Affected versions: max 2.1.7.
Status: vulnerable

May 12, 2026

CVE, Research URL: CVE-2022-50959
Home page URL: Security reports for Contact Form Builder, Contact Widget
Application: Contact Form Builder, Contact Widget
Date: May 10, 2026
Research Description: WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter to execute arbitrary JavaScript in victim browsers.
Affected versions: max 1.6.1.
Status: vulnerable