Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...

CVE-2026-27393

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

CVE-2026-27393 WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

CVE-2026-27393

The CVE-2026-27393 entry concerns the WordPress plugin CF7 WOW Styler (versions n/a–1.7.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in which access permissions are incorrectly configured, allowing unauthorized access to functionality. The available ...

WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin CF7 WOW Styler versions = 1.7.6...

PT-2026-42434

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

WordPress plugin CF7 WOW Styler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-0814

The CVE-2026-0814 entry concerns the WordPress plugin Advanced CF7 DB . A missing capability check in the function vsz_cf7_export_to_excel affects all versions up to and including 2.0.9 , enabling authenticated users with Subscriber-level access and above to export form submissions to Excel files...

CVE-2026-24991

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...

CVE-2026-24991 WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...

CVE-2026-24991

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through = 3.4.0...

CVE-2026-24991

CVE-2026-24991 affects WordPress plugin Extensions For CF7 (versions up to 3.4.0). It is an Insecure Direct Object References (IDOR) / authorization bypass vulnerability caused by a user-controlled key, enabling unauthorized access to objects. Remediation: update to a version later than 3.4.0 (pa...

CVE-2025-12825

CVE-2025-12825 affects the WordPress plugin User Registration Using Contact Form 7. The issue is a missing capability check in get_cf7_form_data across all versions up to and including 2.5, enabling unauthorized data access (including Facebook app secrets) by unauthenticated users. Connected sour...

CVE-2018-21012

The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS...

PT-2025-53278

Name of the Vulnerable Software and Affected Versions CRM Perks Integration for Contact Form 7 HubSpot versions through 1.4.2 Description A flaw exists in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot that allows for Blind SQL Injection. This is due to improper neutralization of...

CVE-2025-53283 WordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon allows Upload a Web Shell to a Web Server.This issue affects Drop Uploader for CF7 - Drag&Drop File...

WordPress plugin Drop Uploader for CF7 - Drag&Drop File Uploader Addon 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... WordPress...

CVE-2025-58961

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through = 2.4...

EUVD-2025-35449

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through = 2.4...

CVE-2025-58961 WordPress CF7 Auto Responder Addon plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kamleshyadav CF7 Auto Responder Addon CF7-autoresponder-addon allows DOM-Based XSS.This issue affects CF7 Auto Responder Addon: from n/a through = 2.4...