cleantalk
Vulnerabilities and Security Researches

Database for Contact Form 7, WPforms, Elementor forms, 462d567f3ad1d318c2c19fe5babcbb2da51728f0

Published on
Aug 24, 2021
Research Description
Database for Contact Form 7, WPforms, Elementor forms [contact-form-entries] < 1.2.1

Contact Form Entries – Contact Form 7, WPforms and more <= 1.2.0 - Reflected Cross-Site Scripting

The Contact Form Entries – Contact Form 7, WPforms and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘start_date’ and ‘end_date’ parameters in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.2.1.
Status
vulnerable