cleantalk
Vulnerabilities and Security Researches

Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress, CVE-2013-10022

CVE, Research URL

CVE-2013-10022

Home page URL

Security reports for Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress

Application

Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress

Published on
Apr 05, 2023
Research Description
A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The patch is identified as 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability.
Affected versions
max 3.52.
Status
vulnerable
Previous vulnerability researches
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress (CVE-2017-2171) , Jun 06, 2024
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress (CVE-2017-18491) , Jun 06, 2024
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress (CVE-2016-10869) , Jun 06, 2024
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress (CVE-2013-7475) , Jun 06, 2024
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress (CVE-2015-9295) , Jun 06, 2024
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026