32 matches found
CVE-2024-10084
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...
WordPress Contact Form 7 – Dynamic Text Extension plugin <= 4.5 - Information Disclosure via Shortcode vulnerability
Information Disclosure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Contact Form 7 – Dynamic Text Extension versions = 4.5...
WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.5 is vulnerable to Sensitive Data Exposure
Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.5 Fixed in 4.5.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10084 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a8f9f7ebcd8 Credits...
PT-2024-16017 · WordPress · Contact Form 7 – Dynamic Text Extension
Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions prior to 4.5.0 Description: The Contact Form 7 – Dynamic Text Extension plugin for WordPress has a Basic Information Disclosure issue. This makes it possible for...
WordPress plugin Contact Form 7 – Dynamic Text Extension 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability exist...
CVE-2023-6630
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
CVE-2023-6630
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
CVE-2023-6630
CVE-2023-6630 : The WordPress plugin “Contact Form 7 – Dynamic Text Extension” ( 4.1.0); PatchStack lists 4.2.0 as the fix. Other sources corroborate the vulnerability and describe it as a broken access control issue with low overall CVSS (4.3). Actionable takeaway: apply the patch to affected in...
PT-2024-15032 · WordPress · Contact Form 7 – Dynamic Text Extension
Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions up to, and including, 4.1.0 Description: The issue allows authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referenci...
WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.1.0 is vulnerable to Broken Access Control
Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6630 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e817a16730df Credits Francesc...
WordPress Contact Form 7 Dynamic Text Extension Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 2.0.3 Fixed in 3.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64fbad36bbc4 Credits Unknow...
WordPress Contact Form 7 Dynamic Text Extension plugin <= 2.0.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability found in WordPress Contact Form 7 Dynamic Text Extension plugin versions = 2.0.2.1. Solution Update the WordPress Contact Form 7 Dynamic Text Extension plugin to the latest available version at least 2.0.3...