Lucene search
+L

49 matches found

Cvelist
Cvelist
added 2025/09/09 4:33 p.m.12 views

CVE-2025-58989 WordPress Dynamic Text Field For Contact Form 7 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 dynamic-text-field-for-contact-form-7 allows Stored XSS.This issue affects Dynamic Text Field For Contact Form 7: from n/a through = 1.0...

6.5CVSS0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.3 views

WordPress plugin Dynamic Text Field For Contact Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.5CVSS5.6AI score0.00154EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36809

Name of the Vulnerable Software and Affected Versions: Dynamic Text Field For Contact Form 7 versions through 1.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting XSS. Recommendations:...

6.5CVSS5.7AI score0.00154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:8 a.m.4 views

CVE-2024-56218

Cross-Site Request Forgery CSRF vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.1...

4.3CVSS7.2AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.5 views

CVE-2024-10084

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...

4.3CVSS5.5AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2024/12/31 10:15 a.m.28 views

CVE-2024-56218

Cross-Site Request Forgery CSRF vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.1...

4.3CVSS0.00147EPSS
Exploits0References1
Prion
Prion
added 2024/12/31 10:15 a.m.12 views

CVE-2024-56218

Cross-Site Request Forgery CSRF vulnerability in AuRise Creative, SevenSpark Contact Form 7 Dynamic Text Extension allows Cross Site Request Forgery.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through 5.0.1...

0.00147EPSS
Exploits0References1
CVE
CVE
added 2024/12/31 10:12 a.m.49 views

CVE-2024-56218

CVE-2024-56218 describes a Cross-Site Request Forgery (CSRF) vulnerability in Contact Form 7 Dynamic Text Extension (AuRise Creative, SevenSpark). The description states CSRF is possible in versions CF7 Dynamic Text Extension from n/a through 5.0.1. The connected documents confirm the issue type ...

4.3CVSS7.2AI score0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/31 10:12 a.m.7 views

CVE-2024-56218 WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in AuRise Creative, SevenSpark Contact Form 7 Dynamic Text Extension allows Cross Site Request Forgery.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through 5.0.1...

4.3CVSS4.7AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/31 12:0 a.m.4 views

WordPress plugin Contact Form 7 Dynamic Text Extension 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

4.3CVSS8AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/31 12:0 a.m.4 views

PT-2024-36752 · WordPress · Contact Form 7 – Dynamic Text Extension

Name of the Vulnerable Software and Affected Versions: Contact Form 7 Dynamic Text Extension versions n/a through 5.0.1 Description: A Cross-Site Request Forgery CSRF issue affects the Contact Form 7 Dynamic Text Extension, allowing unauthorized requests. This can lead to Cross Site Request...

4.3CVSS9.5AI score0.00147EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/12/19 12:5 p.m.7 views

WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability

WordPress Contact Form 7 - Dynamic Text Extension plugin = 5.0.1 - Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Contact Form 7 – Dynamic Text Extension versions = 5.0.1...

4.3CVSS7AI score0.00147EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/11/05 10:15 p.m.13 views

CVE-2024-10084

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...

4.3CVSS0.00344EPSS
Exploits0References2
OSV
OSV
added 2024/11/05 10:15 p.m.4 views

CVE-2024-10084

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7getpostvar shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the...

4.3CVSS5.8AI score0.00344EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/05 10:58 a.m.6 views

WordPress Contact Form 7 – Dynamic Text Extension plugin <= 4.5 - Information Disclosure via Shortcode vulnerability

Information Disclosure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Contact Form 7 – Dynamic Text Extension versions = 4.5...

4.3CVSS6.6AI score0.00344EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/05 12:0 a.m.11 views

WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.5 is vulnerable to Sensitive Data Exposure

Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.5 Fixed in 4.5.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-10084 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a8f9f7ebcd8 Credits...

4.3CVSS6.6AI score0.00344EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.11 views

PT-2024-16017 · WordPress · Contact Form 7 – Dynamic Text Extension

Name of the Vulnerable Software and Affected Versions: Contact Form 7 – Dynamic Text Extension plugin for WordPress versions prior to 4.5.0 Description: The Contact Form 7 – Dynamic Text Extension plugin for WordPress has a Basic Information Disclosure issue. This makes it possible for...

4.3CVSS6.8AI score0.00344EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.6 views

WordPress plugin Contact Form 7 – Dynamic Text Extension 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability exist...

4.3CVSS7.6AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2024/01/11 5:15 a.m.24 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS4.4AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2024/01/11 5:15 a.m.3 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.9AI score0.00349EPSS
Exploits0References2
Rows per page
Query Builder