Contact Form To Any Api
Monthly
Unauthenticated reflected/stored cross-site scripting in the WordPress plugin Contact Form to Any API through version 3.0.3 allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or page. The flaw requires user interaction (UI:R) and changes scope (S:C), meaning injected script can affect resources beyond the vulnerable component, typically the WordPress admin session. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.1.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unauthenticated reflected/stored cross-site scripting in the WordPress plugin Contact Form to Any API through version 3.0.3 allows remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or page. The flaw requires user interaction (UI:R) and changes scope (S:C), meaning injected script can affect resources beyond the vulnerable component, typically the WordPress admin session. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.1.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.