Tag

CVE-2026-7052

1 brief RSS

HT Contact Form WordPress Plugin Vulnerable to Stored XSS (CVE-2026-7052)

The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting (CVE-2026-7052) via the 'file_upload' parameter in versions up to 2.8.2, allowing unauthenticated attackers to inject arbitrary web scripts.

HT Contact Form – Drag & Drop Form Builder for WordPress plugin <= 2.8.2 stored-xss wordpress plugin CVE-2026-7052

2r 1t 1c 1h ago