Ghozylab: >> Contact Form >> 1.0.19 Security Vulnerabilities
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-15