WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting

WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute. id: CVE-2022-2187 info: name: WordPress Contact Form 7 Captcha 0.1.2 - Cross-Site Scripting...

Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by fayespiegel in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...

WordPress plugin Contact Form 7 – PayPal & Stripe Add-on 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

PT-2026-36894

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...

WordPress WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms plugin <= 1.7.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin CF7 WOW Styler versions = 1.7.0...

WordPress plugin Accept PayPal Payments using Contact Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

CVE-2026-32527 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable...

WordPress plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be integrated...

WordPress plugin Spam Protect for Contact Form 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Andrea Bocchetti in WordPress Plugin Spam Protect for Contact Form 7 versions = 1.2.9...

WordPress plugin Database for Contact Form 7, WPforms, Elementor forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

WordPress Contact Form 7 Connector plugin < 1.2.3 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Contact Form 7 Connector versions 1.2.3...

WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation vulnerability

Missing Authorization to Authenticated Subscriber+ New Filter Creation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3...

WordPress Accept Stripe Payments Using Contact Form 7 plugin <= 2.5 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by Joshua Chan in WordPress Plugin Accept Stripe Payments Using Contact Form 7 versions = 2.5...

PT-2026-6219

Name of the Vulnerable Software and Affected Versions Themefic Ultimate Addons for Contact Form 7 versions through 3.5.34 Description An issue exists in Themefic Ultimate Addons for Contact Form 7 related to incorrectly configured access control security levels, potentially allowing unauthorized...

WordPress Flamix: Bitrix24 and Contact Form 7 integrations plugin <= 3.1.0 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Flamix: Bitrix24 and Contact Form 7 integrations versions = 3.1.0...

WordPress Plugin Contact Form 7 GetResponse Extension Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Contact Form 7 GetRespon...