cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10056,https://securityvulnerability.io/vulnerability/CVE-2024-10056,Stored Cross-Site Scripting Vulnerability in Contact Form Builder,"The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Contact Form Builder By Vcita,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-05T09:23:06.958Z,0
CVE-2023-2300,https://securityvulnerability.io/vulnerability/CVE-2023-2300,Stored Cross-Site Scripting Vulnerability in Contact Form Builder by vcita for WordPress,"The Contact Form Builder by vcita plugin for WordPress has a vulnerability that allows authenticated users with sufficient privileges to inject malicious scripts through the 'email' parameter. This vulnerability arises from inadequate input sanitization and output escaping, permitting attackers to execute unauthorized web scripts on pages viewed by other users. Attackers with the edit_posts capability, including contributors and above, could leverage this flaw to compromise the integrity of pages using the plugin and potentially gain unauthorized access to sensitive user data.",Wordpress,Contact Form Builder by vcita,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0
CVE-2023-2301,https://securityvulnerability.io/vulnerability/CVE-2023-2301,Cross-Site Request Forgery Vulnerability in Contact Form Builder by vcita for WordPress,"The Contact Form Builder by vcita plugin for WordPress is susceptible to Cross-Site Request Forgery due to insufficient nonce validation in the ls_parse_vcita_callback function. This vulnerability allows unauthenticated attackers to manipulate plugin settings and inject harmful JavaScript by deceiving an administrator into executing an unintended action, such as clicking a malicious link. It highlights the critical need for robust verification mechanisms to prevent exploits that can compromise website integrity.",Wordpress,Contact Form Builder by vcita,6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0
CVE-2023-2303,https://securityvulnerability.io/vulnerability/CVE-2023-2303,Cross-Site Request Forgery in vcita Contact Form Plugin for WordPress,"The Contact Form and Calls To Action plugin by vcita for WordPress is prone to Cross-Site Request Forgery due to a lack of nonce validation in the vcita-callback.php file. This vulnerability allows unauthenticated attackers to alter plugin settings and inject harmful JavaScript if they can deceive an administrator into executing a crafted request, for instance, by clicking a link. Website owners must take precautionary measures to secure their sites against potential exploitation.",Wordpress,Contact Form Builder by vcita,6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0