CVE-2020-36919
Published
CVSS v3: 6.1 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and the tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in a victim's browser.
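The class of flaw described above, shown as an unsafe reflection beside its hardened form. This is an added example in plain PHP, not WPForms code: the function names, the `s` search parameter name and the tab names are assumptions made for illustration.

```php
<?php
// Added illustration of reflected XSS in an admin list view.
// Not taken from WPForms; every name below is hypothetical.

// Unsafe pattern: request values are concatenated into HTML unchanged,
// so markup in "tab" or the search term becomes part of the page.
function render_unsafe(array $query): string
{
    $tab    = $query['tab'] ?? 'all';
    $search = $query['s'] ?? '';
    return '<a class="nav-tab" href="?tab=' . $tab . '">Current</a>'
         . '<input type="search" name="s" value="' . $search . '">';
}

// Hardened pattern, step 1: "tab" selects one of a fixed set of views,
// so accept only known values (assumed names) and fall back otherwise.
const ALLOWED_TABS = ['all', 'import', 'export'];

// Hardened pattern, step 2: encode free text for the HTML attribute
// context. Inside WordPress, esc_attr() and sanitize_key() play these roles.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $query): string
{
    $tab = $query['tab'] ?? 'all';
    // Reject arrays (tab[]=...) and any value outside the allowlist.
    if (!is_string($tab) || !in_array($tab, ALLOWED_TABS, true)) {
        $tab = 'all';
    }

    $search = $query['s'] ?? '';
    if (!is_string($search)) {
        $search = '';
    }

    return '<a class="nav-tab" href="?tab=' . rawurlencode($tab) . '">Current</a>'
         . '<input type="search" name="s" value="' . h($search) . '">';
}

// Constructed input: harmless markup that breaks out of an attribute
// if it is reflected without encoding.
$query = ['tab' => '"><em>x</em>', 's' => '"><em>y</em>'];

echo "unsafe: ", render_unsafe($query), PHP_EOL;
echo "safe:   ", render_safe($query), PHP_EOL;
```

Comparing the two output lines shows the difference: the unsafe version emits the `<em>` elements as live markup, while the hardened version falls back to the default tab and renders the search term as inert text inside the `value` attribute.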
<h4>WordPress Contact Form Builder Plugin</h4>
<p><a href="https://wpforms.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">WPForms</a> is a drag & drop WordPress form builder that’s EASY and POWERFUL. Create contact forms, feedback forms, subscription forms, payment forms (including Stripe, Square & PayPal), and other types of forms for your site in minutes with just a few clicks!</p>
<p>At WPForms, user experience is our #1 priority. Our pre-built form templates and workflows make WPForms the most beginner-friendly contact form plugin on the market. You don’t have to hire a developer. Create a form in less than 5 minutes with our drag & drop form builder or use a template to get a head start.</p>
<blockquote>
<p><strong>WPForms Pro</strong><br />
This plugin is the Lite version of WPForms Pro, which comes with email subscription forms, multi-page contact forms, file uploads, conditional logic, and extra payment integrations. <a href="https://wpforms.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Click here to purchase the best premium WordPress contact form plugin now!</a></p>
</blockquote>
<h4>Drag & Drop Contact Form Builder</h4>
<p>Create custom contact forms in minutes with our easy-to-use <a href="https://wpforms.com/features/drag-drop-online-form-builder/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">drag and drop online form builder</a>. But don’t just take our word for it. See what WordPress experts are saying:</p>
<blockquote>
<p>WPForms is by far the <strong>easiest form plugin to use</strong>. My clients love WPForms and it’s one of the few plugins they can use without any training. As a developer I appreciate how fast, modern, clean and extensible it is.<br />
Bill Erickson – Expert WordPress Consultant</p>
</blockquote>
<h4>Pre-built Form Templates</h4>
<p>WPForms comes with <a href="https://wpforms.com/templates/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">2100+ pre-built form templates</a>.</p>
<p>Whether you’re looking to create a simple contact form, marketing form, request a quote form, donation form, payment order form, registration form, Stripe payment form, or a subscription form, we have a form template already prepared and ready to use.</p>
<h4>Mobile Ready, SEO Friendly, and Optimized for Speed</h4>
<p>WPForms contact forms are 100% responsive and mobile-friendly. We optimized every query on the frontend and the backend to ensure that it’s one of the fastest WordPress contact form plugins.</p>
<p>You can embed your contact form on any page with an optimized title and description, so WPForms is one of the most SEO friendly contact form plugins too.</p>
<h4>Fields & Features You Need to Succeed</h4>
<p>With star ratings, file uploads, repeater fields, survey fields, and multi-page contact forms, you can easily build the right custom form for your site’s needs. Plus, integrate your contact forms with an email marketing service in just a few steps and collect payments with Stripe, PayPal, and Square for bookings and orders without the need for a dedicated eCommerce plugin.</p>
<p>See what one business owner has to say about their WPForms contact form:</p>
<blockquote>
<p>As a business owner, time is my most valuable asset. WPForms allows me to create smart contact forms with just a few clicks. With their pre-built form templates and the drag & drop builder, I can create a new form that works in less than 2 minutes without writing a single line of code. Well worth the investment.<br />
David Henzel – Co-founder of MaxCDN</p>
</blockquote>
<h4>Surveys & Polls</h4>
<p>Create custom survey forms like Survey Monkey. Our <a href="https://wpforms.com/features/surveys-and-polls-addon?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">WordPress survey plugin addon</a> comes with smart survey fields including Likert scale, star ratings, and NPS. Embed your surveys and polls anywhere in WordPress.</p>
<p>Use our survey reporting tools to customize graphs, export them for presentations, and display aggregate results. You can also share poll results instantly when collecting votes.</p>
<h4>Default WordPress Forms</h4>
<p>Aside from building simple contact forms, WPForms also helps you create better default WordPress forms, like custom WordPress login forms and custom WordPress user registration forms. Create a password-protected contact form or even a members-only contact form.</p>
<p>Bloggers and publishers can use our WordPress post submission forms to accept guest posts, testimonials, and more.</p>
<h4>Payment Forms, Donation Forms, Booking Forms, and More</h4>
<p>While WPForms started out as a contact form plugin, it has evolved into a powerful custom forms solution for any type of payment or booking form.</p>
<p>WPForms integrates with PayPal, Stripe, Square Payments, and Authorize.Net so you can easily accept credit card payments or take payments via PayPal. Bonus: you can also take signatures.</p>
<p>We’re proud to be a Stripe Verified Partner. This partnership allows us to build the best Stripe integration with early access to features. You can use our Stripe integration to accept both one-time payments as well as recurring payments while syncing all form data to your Stripe account.</p>
<h4>Custom Calculator Forms</h4>
<p>Using the <a href="https://wpforms.com/features/calculations-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">WPForms Calculations addon</a>, you can build custom formulas and display results on the frontend.</p>
<p>Create simple arithmetic calculations or build complex conditional calculations with rounded values, averages, time ranges, and more! It’s the best calculator plugin for WordPress.</p>
<h4>Forms Optimized for Conversions</h4>
<p>With our Form Pages addon, you can create distraction-free custom form landing pages to increase conversions.</p>
<p>To improve form completion rates, we created Conversational Forms which helps you make your feedback forms feel more human by adding an interactive layout. (<a href="https://wpforms.com/features/conversational-forms-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">See Conversational Forms Demo</a>).</p>
<h4>Easy to Customize and Extend</h4>
<p>You can easily customize your contact forms with our section dividers, HTML blocks, and CSS. Embedding forms in Elementor and Divi has never been easier thanks to our native integrations.</p>
<p>We also know that our developer friends may want more control, so we added tons of hooks and filters.</p>
<h4>Full WPForms Feature List</h4>
<ul>
<li><a href="https://wpforms.com/features/drag-drop-online-form-builder/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Online form builder</a> – powerful drag & drop contact form builder. Create WordPress contact forms, payment forms, and other online forms without writing any code.</li>
<li>100% mobile responsive.</li>
<li>GDPR friendly.</li>
<li>Payment Forms – Take payments, donations, down payments, recurring payments, service payments with our Stripe (FREE) integration.</li>
<li><a href="https://wpforms.com/templates/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Form templates</a> pre-built and ready to import.</li>
<li><a href="https://wpforms.com/docs/styling-your-forms/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Form styling</a> for fields, labels, and buttons.</li>
<li><a href="https://wpforms.com/features/spam-protection/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Spam protection</a> built in, plus integrations with hCaptcha, Google reCAPTCHA, and Cloudflare Turnstile.</li>
<li><a href="https://wpforms.com/features/wpforms-ai/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">AI Forms</a> to automatically create and refine forms through natural conversation.</li>
<li><a href="https://wpforms.com/features/instant-notifications/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Instant form notifications</a> via email.</li>
<li><a href="https://wpforms.com/features/form-confirmation/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Custom form confirmations</a> with success messages or thank you pages.</li>
<li><a href="https://wpforms.com/docs/how-to-choose-the-right-form-field-for-your-forms/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin#phone" rel="nofollow ugc">Smart phone field</a> that adapts to your visitor’s location.</li>
<li><a href="https://wpforms.com/features/wpforms-ai/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">AI Choices</a> to automatically populate Multiple Choice, Checkboxes, and Dropdown field options.</li>
<li><a href="https://wpforms.com/features/coupons-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Coupons</a> for free shipping and sale discounts.</li>
<li><a href="https://wpforms.com/features/calculations-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Calculator forms</a> for payment, shipping, billing, and more.</li>
<li><a href="https://wpforms.com/features/file-uploads/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">File upload fields</a> for user submissions.</li>
<li><a href="https://wpforms.com/features/multi-page-forms/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Multi-page forms</a> with progress bars.</li>
<li><a href="https://wpforms.com/features/conditional-logic/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Smart conditional logic</a> to show or hide fields.</li>
<li><a href="https://wpforms.com/features/repeater-field/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Repeater field</a> that enables the person filling out the form to easily add another field or group of fields to fill out. Perfect for group registration forms, custom order forms, and more.</li>
<li><a href="https://wpforms.com/features/digital-signatures/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Signatures</a> for agreements or payment forms.</li>
<li><a href="https://wpforms.com/features/user-registration/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">User registration forms</a> and custom login forms.</li>
<li><a href="https://wpforms.com/features/post-submissions/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Post submission forms</a> to collect user-generated content.</li>
<li><a href="https://wpforms.com/features/geolocation-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Geolocation</a> to collect location data along with submissions.</li>
<li><a href="https://wpforms.com/features/surveys-and-polls-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Surveys and Polls</a> with interactive reports.</li>
<li><a href="https://wpforms.com/features/form-abandonment/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Form abandonment detection</a> to collect partial form submissions.</li>
<li><a href="https://wpforms.com/features/form-locker-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Form locker</a> to control access using passwords, dates, and more.</li>
<li><a href="https://wpforms.com/features/offline-forms-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Offline forms</a> to collect submissions without an internet connection.</li>
<li><a href="https://wpforms.com/features/form-pages-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Form landing pages</a> to boost conversions.</li>
<li><a href="https://wpforms.com/features/conversational-forms-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Conversational forms</a> to boost overall completion rates.</li>
<li><a href="https://wpforms.com/features/lead-forms-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Lead forms</a> to get more submissions with multi-step layouts.</li>
<li><a href="https://wpforms.com/features/webhooks-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Webhooks</a> to send data without third party connectors.</li>
<li><a href="https://wpforms.com/features/user-journey-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">User Journey reports</a> so you know which content is driving form conversions.</li>
<li><a href="https://wpforms.com/features/save-and-resume-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Save and Resume</a> to let visitors save and come back later.</li>
<li><a href="https://wpforms.com/features/entry-automation-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Entry Automation</a> to export and delete form entries on a daily, weekly, or monthly basis.</li>
</ul>
<h4>Integrations</h4>
<ul>
<li><a href="https://wpforms.com/features/google-sheets-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Google Sheets</a></li>
<li><a href="https://wpforms.com/features/zapier-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Zapier</a></li>
<li><a href="https://wpforms.com/features/paypal-commerce/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">PayPal Commerce</a></li>
<li><a href="https://wpforms.com/features/stripe-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Stripe</a> – We’re a Stripe Verified Partner for Payments.</li>
<li><a href="https://wpforms.com/features/square-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Square</a></li>
<li><a href="https://wpforms.com/features/authorize-net-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Authorize.Net</a></li>
<li><a href="https://wpforms.com/features/mailchimp-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Mailchimp</a></li>
<li><a href="https://wpforms.com/features/aweber-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">AWeber</a></li>
<li><a href="https://wpforms.com/features/campaign-monitor-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Campaign Monitor</a></li>
<li><a href="https://wpforms.com/features/getresponse-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">GetResponse</a></li>
<li><a href="https://wpforms.com/features/constant-contact/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Constant Contact</a></li>
<li><a href="https://wpforms.com/features/airtable-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Airtable</a></li>
<li><a href="https://wpforms.com/features/notion-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Notion</a></li>
<li><a href="https://wpforms.com/features/drip-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Drip</a></li>
<li><a href="https://wpforms.com/features/activecampaign-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">ActiveCampaign</a></li>
<li><a href="https://wpforms.com/features/hubspot-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">HubSpot</a></li>
<li><a href="https://wpforms.com/features/brevo-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Brevo</a></li>
<li><a href="https://wpforms.com/features/mailerlite-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">MailerLite</a></li>
<li><a href="https://wpforms.com/features/mailpoet-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">MailPoet</a></li>
<li><a href="https://wpforms.com/features/convertkit-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">ConvertKit</a></li>
<li><a href="https://wpforms.com/features/klaviyo-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Klaviyo</a></li>
<li><a href="https://wpforms.com/features/salesforce-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Salesforce</a></li>
<li><a href="https://wpforms.com/features/slack-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Slack</a></li>
<li><a href="https://wpforms.com/features/dropbox-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Dropbox</a></li>
<li><a href="https://wpforms.com/features/google-calendar-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Google Calendar</a></li>
<li><a href="https://wpforms.com/features/google-drive-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Google Drive</a></li>
<li><a href="https://wpforms.com/features/twilio-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Twilio</a></li>
<li><a href="https://wpforms.com/features/pipedrive-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Pipedrive</a></li>
<li><a href="https://wpforms.com/features/make-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Make</a></li>
<li><a href="https://wpforms.com/features/quiz-addon/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Quiz</a></li>
<li><a href="https://wpforms.com/features/zoho-crm-addon//?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Zoho CRM</a></li>
</ul>
<p>You can see why WPForms is the best WordPress contact form plugin on the market! Want to unlock these features? <a href="https://wpforms.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin" rel="nofollow ugc">Upgrade to our Pro version</a>.</p>
<h4>Credits</h4>
<p>This plugin is created by <a href="https://syedbalkhi.com/" rel="nofollow ugc">Syed Balkhi</a>.</p>
<h4>Branding Guidelines</h4>
<p>WPForms® is a registered trademark of WPForms LLC. When writing about the contact form plugin by WPForms, please make sure to uppercase the initial 3 letters.</p>
<ul>
<li>WPForms (correct)</li>
<li>WP Forms (incorrect)</li>
<li>wpforms (incorrect)</li>
<li>wpf