Contact-Form-7-Datepicker Security Vulnerabilities - February

CVE-2020-11516

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator cr...

CVSS: 5.4

AI Score: 5.2

EPSS: 0.001

2020-04-07 05:15 PM

CVE-2024-4704

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.

CVSS: 6.1

AI Score: 6.4

EPSS: 0.0005

2024-06-27 06:15 AM