cleantalk
Vulnerabilities and Security Researches

Contact Form Plugin, CVE-2025-5730

CVE, Research URL

CVE-2025-5730

Home page URL

Security reports for Contact Form Plugin

Application

Contact Form Plugin

Published on
Jun 30, 2025
Research Description
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
Affected versions
max 1.1.29.
Status
vulnerable
Previous vulnerability researches
WordPress Plugin for Google Maps – WP MAPS (CVE-2024-2386) , Jul 01, 2024
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3504) , Apr 25, 2026
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3503) , May 07, 2025
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-3502) , May 07, 2025
WordPress Plugin for Google Maps – WP MAPS (CVE-2025-67535) , Jan 09, 2026
New vulnerability
WP-Recall – Registration, Profile, Commerce & More (CVE-2024-9770) , Apr 26, 2026
Bitly's WordPress Plugin (CVE-2025-58231) , Apr 26, 2026
IP Based Login (CVE-2025-58960) , Apr 26, 2026
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor (CVE-2025-59574) , Apr 26, 2026
The Guardian News Feed (CVE-2026-1087) , Apr 25, 2026