cleantalk
Vulnerabilities and Security Researches

Contact Us By Lord Linus, CVE-2025-1382

CVE, Research URL

CVE-2025-1382

Home page URL

Security reports for Contact Us By Lord Linus

Application

Contact Us By Lord Linus

Published on
Mar 09, 2025
Research Description
The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Affected versions
Min -, max 2.6.
Status
vulnerable
Previous vulnerability researches
GamiPress – Link (CVE-2024-5536) , Jun 07, 2024
New vulnerability
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025