cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-25080,https://securityvulnerability.io/vulnerability/CVE-2021-25080,Contact Form Entries < 1.1.7 - Unauthenticated Stored Cross-Site Scripting,"The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry",Wordpress,"Contact Form Entries – Contact Form 7, WPforms And More",6.1,MEDIUM,0.001120000029914081,false,,false,false,false,,false,false,2022-01-24T08:01:28.000Z,0
CVE-2021-25079,https://securityvulnerability.io/vulnerability/CVE-2021-25079,Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting,"The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page",Wordpress,"Contact Form Entries – Contact Form 7, WPforms And More",6.1,MEDIUM,0.0010000000474974513,false,,false,false,false,,false,false,2022-01-24T08:01:27.000Z,0