Vulmon
rocklobster contact form 7 vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-6630
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key...
Rocklobster Contact Form 7
7.2
CVSSv3
CVE-2023-6449
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8...
Rocklobster Contact Form 7
9.8
CVSSv3
CVE-2023-40609
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection. This issue affects Contact form 7 Custom validation: from n/a up to and including 1.1.3.
Rocklobster Contact Form 7 Custom Validation 1.1.3
8.8
CVSSv3
CVE-2021-24159
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin up to and including 3.1.9. If an attacker successfully tricked a site...
Rocklobster Contact Form 7
10
CVSSv3
CVE-2020-35489
The contact-form-7 (aka Contact Form 7) plugin prior to 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
Rocklobster Contact Form 7
5 Github repositories
9.8
CVSSv3
CVE-2018-20979
The contact-form-7 plugin prior to 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
Rocklobster Contact Form 7
1 Github repository
NA
CVE-2014-2265
Rock Lobster Contact Form 7 prior to 3.7.2 allows remote malicious users to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
Rocklobster Contact Form 7 3.7
Rocklobster Contact Form 7 3.6
Rocklobster Contact Form 7