Skip to main content

Contact Form Entries

1 CVEs product

Monthly

CVE-2026-57708 HIGH This Week

Reflected cross-site scripting in the CRM Perks "Contact Form Entries" WordPress plugin (versions up to and including 1.5.2) lets remote attackers inject script that executes in a victim's browser after the victim clicks a crafted link. Because the CVSS scope is changed (S:C), successful injection can reach data and actions beyond the vulnerable component, typically the WordPress admin/session context. No public exploit has been identified and it is not on CISA KEV; the flaw was reported by Patchstack.

XSS Contact Form Entries
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the CRM Perks "Contact Form Entries" WordPress plugin (versions up to and including 1.5.2) lets remote attackers inject script that executes in a victim's browser after the victim clicks a crafted link. Because the CVSS scope is changed (S:C), successful injection can reach data and actions beyond the vulnerable component, typically the WordPress admin/session context. No public exploit has been identified and it is not on CISA KEV; the flaw was reported by Patchstack.

XSS Contact Form Entries
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy