758 matches found
Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution
Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...
CVE-2026-57423
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.3.8...
CVE-2026-57411
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57411
The CVE-2026-57411 entry concerns the WordPress plugin cf7-views (Aman CF7 Views – Complete Entry Management for Contact Form 7) with a DOM-based XSS vulnerability due to improper neutralization during web page generation. Affected versions are up to 3.2.2. CVSS v3.1 base score is 7.1 (HIGH); att...
CVE-2026-57423
CVE-2026-57423 affects the WordPress plugin Message Filter for Contact Form 7 (cf7-message-filter), specifically versions up to 1.6.3.8. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. Impact is reflected XSS...
CVE-2026-57411 WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...
CVE-2026-57423 WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through = 1.6.3.8...
PT-2026-57722
Name of the Vulnerable Software and Affected Versions Aman CF7 Views versions prior to 3.2.3 Description A DOM-Based Cross-site Scripting XSS issue exists due to improper neutralization of input during web page generation. This allows stored scripts to execute within the user's browser...
CVE-2026-13378
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2026-13378 Form Vibes <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via Contact Form 7 Form Field
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2026-13378
CVE-2026-13378 affects the Form Vibes – Database Manager for Forms plugin for WordPress. It enables unauthenticated Stored Cross-Site Scripting via a Contact Form 7 Form Field in all versions up to 1.5.2 due to insufficient input sanitization and output escaping. This allows injected scripts to e...
CVE-2026-15000
The CVE-2026-15000 entry concerns the Connect Contact Form 7 and Mailchimp plugin for WordPress, showing a Stored Cross-Site Scripting vulnerability via Mailchimp Merge Field Values in all versions up to 0.9.78.06. The issue arises from insufficient input sanitization and output escaping, enablin...
EUVD-2026-42523
The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress Message Filter for Contact Form 7 plugin <= 1.6.3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3.8...
WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ParkHyunWoo in WordPress Plugin CF7 Views Complete Entry Management for Contact Form 7 versions = 3.2.2...
CVE-2026-57669
Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...
CVE-2026-57669
The affected software is the WordPress plugin Advanced Contact form 7 DB (versions
WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...
EUVD-2026-38663
The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...
WordPress Advanced Contact Form 7 – Compact DB plugin <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Advanced Contact Form 7 – Compact DB versions = 1.0.0...