rocklobster contact form 7 vulnerabilities and exploits
NA
CVE-2023-6449
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8...
Rocklobster Contact Form 7
NA
CVE-2023-6630
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key...
Rocklobster Contact Form 7
CVSSv2: 6.8
CVE-2021-24159
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin up to and including 3.1.9. If an attacker successfully tricked a site...
Rocklobster Contact Form 7
CVSSv2: 10
CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Rocklobster Contact Form 7
4 Github repositories
CVSSv2: 7.5
CVE-2018-20979
The contact-form-7 plugin prior to 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
Rocklobster Contact Form 7
1 Github repository
NA
CVE-2023-40609
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a up to and including 1.1.3.
Rocklobster Contact Form 7 Custom Validation 1.1.3
CVSSv2: 5
CVE-2014-2265
Rock Lobster Contact Form 7 prior to 3.7.2 allows remote malicious users to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
Rocklobster Contact Form 7 3.7
Rocklobster Contact Form 7 3.6
Rocklobster Contact Form 7