EUVD-2023-27982

Malicious code in bioql PyPI...

PT-2025-30383 · WordPress · Conditional Fields +3

Name of the Vulnerable Software and Affected Versions: Extensions For CF7 versions up to and including 3.2.8 Description: The Extensions For CF7 Contact form 7 Database, Conditional Fields and Redirection plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path...

WordPress Extensions For CF7 plugin <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion vulnerability

Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Extensions For CF7 versions = 3.2.8...

CVE-2023-44989

Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5...

CVE-2023-23899

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

CVE-2025-24695

CVE-2025-24695 describes a Server-Side Request Forgery (SSRF) in HasThemes Extensions For CF7. Affected software: Extensions For CF7 (WordPress plugin) up to version 3.2.0. Root cause details are not explicitly described beyond SSRF, and exploitation status is not provided in the given documents....

CVE-2023-49167 WordPress Database for CF7 plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through = 1.2.4...

CVE-2024-29102 WordPress Extensions For CF7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

CVE-2023-23899 WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Extensions For CF7 Type Plugin Vulnerable versions = 2.0.8 Fixed in 2.0.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23899 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0538927ff62d Credits István Márton...

CF7 Invisible reCaptcha <= 1.3.1 - XSS

The CF7 Invisible reCAPTCHA WordPress plugin was affected by a XSS security vulnerability...