CVE-2026-24991

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...

CVE-2026-24991 WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...

CVE-2026-24991

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...

CVE-2026-24991

CVE-2026-24991 affects WordPress plugin Extensions For CF7 (versions up to 3.4.0). It is an Insecure Direct Object References (IDOR) / authorization bypass vulnerability caused by a user-controlled key, enabling unauthorized access to objects. Remediation: update to a version later than 3.4.0 (pa...

CVE-2025-24695

Server-Side Request Forgery SSRF vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through = 3.2.0...

WordPress plugin Extensions For CF7 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2024-29102

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6...

CVE-2024-29102

CVE-2024-29102 is an XSS in the WordPress plugin family Extensions For CF7 (HasThemes Extensions For CF7). Described as Improper Neutralization of Input During Web Page Generation (Stored XSS), it affects Extensions For CF7 versions from n/a up to 3.0.6. Public sources (Red Hat advisory and Wordf...

CVE-2023-23899

CVE-2023-23899 affects the WordPress plugin Extensions For CF7 (HasThemes Extensions For CF7) up to version 2.0.8. Root cause: Cross-Site Request Forgery (CSRF) allows unauthenticated attackers to trigger arbitrary plugin activation. Affects versions