Lucene search
K

32 matches found

NVD
NVD
added 2024/11/05 10:15 p.m.13 views

CVE-2024-10084

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...

4.3CVSS0.00344EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/05 10:58 a.m.4 views

WordPress Contact Form 7 – Dynamic Text Extension plugin <= 4.5 - Information Disclosure via Shortcode vulnerability

Information Disclosure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Contact Form 7 – Dynamic Text Extension versions = 4.5...

4.3CVSS6.6AI score0.00344EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/05 12:0 a.m.10 views

WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.5 is vulnerable to Sensitive Data Exposure

Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.5 Fixed in 4.5.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10084 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a8f9f7ebcd8 Credits...

4.3CVSS6.6AI score0.00344EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.8 views

PT-2024-16017 · WordPress · Contact Form 7 – Dynamic Text Extension

Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions prior to 4.5.0 Description: The Contact Form 7 – Dynamic Text Extension plugin for WordPress has a Basic Information Disclosure issue. This makes it possible for...

4.3CVSS6.8AI score0.00344EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

WordPress plugin Contact Form 7 – Dynamic Text Extension 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability exist...

4.3CVSS7.6AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2024/01/11 5:15 a.m.24 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS4.4AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2024/01/11 5:15 a.m.3 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.9AI score0.00349EPSS
Exploits0References2
CVE
CVE
added 2024/01/11 4:30 a.m.51 views

CVE-2023-6630

CVE-2023-6630 : The WordPress plugin “Contact Form 7 – Dynamic Text Extension” ( 4.1.0); PatchStack lists 4.2.0 as the fix. Other sources corroborate the vulnerability and describe it as a broken access control issue with low overall CVSS (4.3). Actionable takeaway: apply the patch to affected in...

4.3CVSS4.8AI score0.00349EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.5 views

PT-2024-15032 · WordPress · Contact Form 7 – Dynamic Text Extension

Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions up to, and including, 4.1.0 Description: The issue allows authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referenci...

4.3CVSS5.5AI score0.00349EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/01/10 12:0 a.m.11 views

WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.1.0 is vulnerable to Broken Access Control

Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6630 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e817a16730df Credits Francesc...

4.3CVSS6.6AI score0.00349EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/01/20 12:0 a.m.4 views

WordPress Contact Form 7 Dynamic Text Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 2.0.3 Fixed in 3.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64fbad36bbc4 Credits Unknow...

5.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2019/07/26 12:0 a.m.8 views

WordPress Contact Form 7 Dynamic Text Extension plugin <= 2.0.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found in WordPress Contact Form 7 Dynamic Text Extension plugin versions = 2.0.2.1. Solution Update the WordPress Contact Form 7 Dynamic Text Extension plugin to the latest available version at least 2.0.3...

2.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder