4 matches found
CVE-2023-52214
CVE-2023-52214 affects the WordPress plugin Void Contact Form 7 Widget For Elementor Page Builder (<= 2.3). The vulnerability is categorized as Broken Access Control / Missing Authorization, exploitable by subscribers with access to vulnerable AJAX endpoints. Patch status in the connected Patc...
CVE-2024-43291
CVE-2024-43291 affects Void Contact Form 7 Widget For Elementor Page Builder. Vulnerability: improper input neutralization during web page generation enabling Stored XSS in the plugin. Affected: Void Contact Form 7 Widget For Elementor Page Builder from n/a up to version 2.4.1. Impact (as stated)...
CVE-2024-5419
The CVE-2024-5419 entry describes a Stored Cross-Site Scripting in the Void Contact Form 7 Widget for Elementor Page Builder (WordPress). Affected: all versions up to 2.4. Root cause: insufficient input sanitization and output escaping of the cf7_redirect_page attribute in the Void Contact Form 7...
CVE-2022-47166
CVE-2022-47166 : CSRF vulnerability in the WordPress plugin “Void Contact Form 7 Widget For Elementor Page Builder” (versions ≤ 2.1.1). Root cause: Cross-Site Request Forgery in the plugin’s handling of user requests. Impact: potentially allows unauthorized actions within the application (per cit...