Contact Form 7 Security Vulnerabilities and Issues — Contact Form 7 CVE List

Lucene search

RocklobsterContact Form 7

3 matches found

CVE•added 2024/06/27 6:15 a.m.•273 views

CVE-2024-4704

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.

6.1CVSS6.4AI score0.00346EPSS

CVE•added 2024/03/13 10:15 p.m.•139 views

CVE-2024-2242

The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s...

6.1CVSS6.5AI score0.56285EPSS

CVE•added 2024/01/11 5:15 a.m.•36 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible ...

4.3CVSS4.8AI score0.00176EPSS