Skip to main content

Formychat

1 CVEs product

Monthly

CVE-2026-57379 HIGH This Week

Stored cross-site scripting in the WPPOOL FormyChat (social-contact-form) WordPress plugin, versions up to and including 2.15.3, lets remote attackers inject persistent JavaScript that executes in the browser of anyone who later views the affected page. Reported by Patchstack (CVSS 7.1), the scope-changing flaw can be abused to hijack sessions, deface content, or pivot toward WordPress administrator accounts. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

XSS Formychat
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Stored cross-site scripting in the WPPOOL FormyChat (social-contact-form) WordPress plugin, versions up to and including 2.15.3, lets remote attackers inject persistent JavaScript that executes in the browser of anyone who later views the affected page. Reported by Patchstack (CVSS 7.1), the scope-changing flaw can be abused to hijack sessions, deface content, or pivot toward WordPress administrator accounts. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

XSS Formychat
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy