cleantalk
Vulnerabilities and Security Researches

Contact Form Plugin, CVE-2025-5730

CVE, Research URL

CVE-2025-5730

Home page URL

Security reports for Contact Form Plugin

Application

Contact Form Plugin

Published on
Jun 30, 2025
Research Description
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
Affected versions
max 1.1.29.
Status
vulnerable
Previous vulnerability researches
WooCommerce Additional Fees On Checkout (Free) (CVE-2024-12395) , Dec 18, 2024
WooCommerce Additional Fees On Checkout (Free) (CVE-2025-57903) , Apr 25, 2026
New vulnerability
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor (CVE-2025-59574) , Apr 26, 2026
The Guardian News Feed (CVE-2026-1087) , Apr 25, 2026
Booking Calendar Contact Form (CVE-2026-6810) , Apr 25, 2026
Rescue Shortcodes (CVE-2025-62110) , Apr 25, 2026
Taxi Booking Manager for WooCommerce – WordPress plugin | Ecab (CVE-2026-28040) , Apr 25, 2026