13 matches found
EUVD-2021-11975
Malware in sbrugna...
EUVD-2023-34908
Malicious code in bioql PyPI...
EUVD-2022-50346
Malicious code in bioql PyPI...
CVE-2025-54020 WordPress AntiSpam for Contact Form 7 plugin <= 0.6.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Erik AntiSpam for Contact Form 7 cf7-antispam allows Cross Site Request Forgery.This issue affects AntiSpam for Contact Form 7: from n/a through = 0.6.3...
CVE-2025-3515 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and...
CVE-2024-12423
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2024-3585
CVE-2024-3585 describes a vulnerability in the Send PDF for Contact Form 7 plugin for WordPress. It permits unauthenticated access to form submissions (including PDFs) due to a missing capability check on the hooks function in all versions up to and including 1.0.2.3, enabling information exposur...
CVE-2024-1779
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...
CVE-2024-1777 Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...
WordPress Redirection for Contact Form 7 Plugin <= 2.9.2 is vulnerable to Broken Access Control
Software Redirection for Contact Form 7 Type Plugin Vulnerable versions = 2.9.2 Fixed in 3.0.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-39920 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID ca4cdb116544 Credits Nguyen Anh...
CVE-2023-24395
Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin = 1.0.3 versions...
CVE-2021-36913 Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin = 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension plugin AccessiBe...
CVE-2021-36913 Redirection for Contact Form 7 <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin = 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension plugin AccessiBe...