Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Lifetime free Drag & Drop Contact Form Builder for WordPress VForm 2.1.5

  • Severity: high-risk
  • Status: Open
  • Publication: July 30, 2024

The VForm plugin for WordPress, which allows for the creation of contact forms using drag and drop, has a security vulnerability in all versions up to 2.1.5. This vulnerability, known as Stored Cross-Site Scripting, is caused by a lack of proper filtering and protection of user input. This means that attackers who are not logged in can insert harmful web scripts into pages, which will then be executed whenever someone visits that page.

Detected in:

Drag & Drop Contact Form Builder VPSUForm fixed vulnerable versions:
Lifetime free Drag & Drop Contact Form Builder for WordPress VPSUForm fixed vulnerable versions:
VPSUForm – Contact Forms, Conversion Forms & More fixed vulnerable versions:
VPSUForm – Easy Drag & Drop Form Builder fixed vulnerable versions:
VPSUForm – Easy Form Builder – Contact Forms, Conversion Form & More fixed vulnerable versions:
VPSUForm – No-Code Custom Form Builder – Contact Forms, Conversion Form & More fixed vulnerable versions:
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm open vulnerable versions: >= * <= 2.1.5

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.