Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.
Analysis
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.
More in Contact Form By Wpforms
View allBroken access control in the Contact Form by WPForms plugin (versions <= 1.10.0.4) for WordPress allows remote unauthent
Contact Form by WPForms versions up to 1.9.8.7 contain an Insertion of Sensitive Information Into Sent Data vulnerabilit
Inadequate authorization controls in WPForms Contact Form plugin version 1.9.9.3 and earlier permit authenticated users
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22903