cleantalk
Vulnerabilities and Security Researches

Contact Form Plugin, CVE-2025-26962

CVE, Research URL

CVE-2025-26962

Home page URL

Security reports for Contact Form Plugin

Application

Contact Form Plugin

Published on
Feb 25, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite allows Stored XSS. This issue affects Easy Contact Form Lite : from n/a through 1.1.25.
Affected versions
max 1.1.27.
Status
vulnerable
Previous vulnerability researches
Contact Form Plugin (CVE-2024-32147) , Jun 06, 2024
Contact Form Plugin (a30bb1e7ee0c6b6b2e3da62aa75e10d8b38ee964) , Jun 06, 2024
Contact Form Plugin (CVE-2017-20055) , Jun 06, 2024
Contact Form Plugin (CVE-2025-5730) , Apr 25, 2026
Contact Form Plugin (CVE-2025-26962) , Feb 27, 2025
New vulnerability
Court Reservation – Manage Your Court Bookings Online (CVE-2026-1508) , Apr 26, 2026
ITERAS (CVE-2026-4078) , Apr 26, 2026
WP-Recall – Registration, Profile, Commerce & More (CVE-2024-9770) , Apr 26, 2026
Bitly's WordPress Plugin (CVE-2025-58231) , Apr 26, 2026
IP Based Login (CVE-2025-58960) , Apr 26, 2026