cleantalk
Vulnerabilities and Security Researches

WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin, 8ec62534-48e6-4bbc-b1ed-f804d827d70d

CVE, Research URL

8ec62534-48e6-4bbc-b1ed-f804d827d70d

Home page URL

Security reports for WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin

Application

WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin

Published on
-
Research Description
WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms &#8211; CRM, Bigin [cf7-zoho] < 1.1.8 Contact Form 7 Zoho &lt; 1.1.8 - Reflected Cross-Site Scripting The plugin does not escape some of its filters before outputting them back in the admin dashboard, leading to Reflected Cross-Site Scripting issues
Affected versions
max 1.1.8.
Status
vulnerable
Previous vulnerability researches
Hueman (039f4d913813d35d9492f3db9505b96c043e80ba) , Jun 11, 2024
Hueman (CVE-2021-4342) , Jun 11, 2024
Hueman (CVE-2024-35772) , Jun 22, 2024
Hueman (CVE-2020-36753) , Jun 10, 2024
Hueman (e03420c55099714ac90da016761d318e5e1cb6db) , Jun 16, 2026
New vulnerability
Async JavaScript (a535d19a588d298275a50a334cb3297b070e2d46) , Jun 16, 2026
Async JavaScript (278f7c36-05f8-4b6f-9a13-11175e3f3971) , Jun 16, 2026
Async JavaScript (dc720f7e4f71488f6f9e4d0e22eb0a048932a77b) , Jun 16, 2026
Async JavaScript (d636ccf5e60d4acf09f15182141bfa6c5351a5ea) , Jun 16, 2026
Async JavaScript (e36be0c1-de61-407b-95a6-ebb340bf29b3) , Jun 16, 2026