Vulnerabilites related to rocklobster - contact_form_7
Vulnerability from fkie_nvd
Published
2019-08-22 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wordpress.org/plugins/contact-form-7/#developers | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/contact-form-7/#developers | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "976CF408-7BB2-4ECF-ADC5-2B7C88F45411",
"versionEndExcluding": "5.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type."
},
{
"lang": "es",
"value": "El plugin contact-form-7 versiones anteriores a 5.0.4 para WordPress, presenta una escalada de privilegios debido al manejo inapropiado de capability_type en register_post_type."
}
],
"id": "CVE-2018-20979",
"lastModified": "2024-11-21T04:02:36.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-22T13:15:12.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-13 22:15
Modified
2025-01-17 19:57
Severity ?
Summary
The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "357F32F3-4A95-4E33-998F-0ADF9EFF7649",
"versionEndExcluding": "5.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018active-tab\u2019 parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Contact Form 7 para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro \u0027active-tab\u0027 en todas las versiones hasta la 5.9 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"id": "CVE-2024-2242",
"lastModified": "2025-01-17T19:57:07.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2024-03-13T22:15:12.173",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Broken Link"
],
"url": "https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-27 06:15
Modified
2024-11-21 09:43
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2683E717-A67C-4BF2-934F-8141F092D151",
"versionEndExcluding": "5.9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing."
},
{
"lang": "es",
"value": " El complemento de WordPress Contact Form 7 anterior a 5.9.5 tiene una redirecci\u00f3n abierta que permite a un atacante utilizar una URL falsa y redirigir a la URL de su elecci\u00f3n."
}
],
"id": "CVE-2024-4704",
"lastModified": "2024-11-21T09:43:24.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-27T06:15:14.697",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-11 05:15
Modified
2024-11-21 08:44
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0F0CD4C6-4B56-4305-B81F-C35BF5C28D81",
"versionEndIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key."
},
{
"lang": "es",
"value": "El complemento Contact Form 7 \u2013 Dynamic Text Extension para WordPress es vulnerable a Insecure Direct Object Reference en todas las versiones hasta la 4.1.0 incluida a trav\u00e9s de los c\u00f3digos cortos CF7_get_custom_field y CF7_get_current_user debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que atacantes autenticados con acceso de colaborador o superior accedan a metadatos arbitrarios de cualquier tipo de publicaci\u00f3n, haciendo referencia a la publicaci\u00f3n por identificaci\u00f3n y a la meta por clave."
}
],
"id": "CVE-2023-6630",
"lastModified": "2024-11-21T08:44:15.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-11T05:15:09.010",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3019572%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026old=2968460%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file4"
},
{
"source": "security@wordfence.com",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f1d836-da32-414f-9f2b-d485c44b2486?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3019572%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026old=2968460%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f1d836-da32-414f-9f2b-d485c44b2486?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-17 19:15
Modified
2024-11-21 05:27
Severity ?
Summary
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "13D36B87-FF90-47BF-A55D-319761428F2B",
"versionEndExcluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters."
},
{
"lang": "es",
"value": "El plugin contact-form-7 (tambi\u00e9n se conoce como Contact Form 7) versiones anteriores a 5.3.2 para WordPress, permite una Carga de Archivos Sin Restricciones y una ejecuci\u00f3n de c\u00f3digo remota porque un nombre de archivo puede contener caracteres especiales"
}
],
"id": "CVE-2020-35489",
"lastModified": "2024-11-21T05:27:23.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-17T19:15:14.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contactform7.com/2020/12/17/contact-form-7-532/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/10508"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://contactform7.com/2020/12/17/contact-form-7-532/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/10508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-16 06:15
Modified
2025-07-08 18:13
Severity ?
Summary
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E6C3AAB5-EA58-4D4F-BC1D-3B92CE46E134",
"versionEndExcluding": "6.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the \u0027wpcf7_stripe_skip_spam_check\u0027 function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order."
},
{
"lang": "es",
"value": "El complemento Contact Form 7 para WordPress es vulnerable a la repetici\u00f3n de pedidos en todas las versiones hasta la 6.0.5 incluida, a trav\u00e9s de la funci\u00f3n \u0027wpcf7_stripe_skip_spam_check\u0027, debido a una validaci\u00f3n insuficiente en una clave controlada por el usuario. Esto permite que atacantes no autenticados reutilicen un \u00fanico PaymentIntent de Stripe para m\u00faltiples transacciones. Solo la primera transacci\u00f3n se procesa a trav\u00e9s de Stripe, pero el plugin env\u00eda un correo electr\u00f3nico con cada transacci\u00f3n realizada correctamente, lo que puede enga\u00f1ar al administrador para que complete cada pedido."
}
],
"id": "CVE-2025-3247",
"lastModified": "2025-07-08T18:13:23.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2025-04-16T06:15:42.933",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product",
"Broken Link"
],
"url": "https://plugins.trac.wordpress.org/browser/contact-form-7/tags/6.0.5/modules/stripe/stripe.php#L114"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch",
"Broken Link"
],
"url": "https://plugins.trac.wordpress.org/changeset/3270138/"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38257dbf-288e-4028-af65-85f5389888ac?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-01 11:15
Modified
2024-11-21 08:43
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CEC7BD65-A3F1-4800-A8F4-E0C6322CEBB0",
"versionEndExcluding": "5.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the \u0027validate\u0027 function and insufficient blocklisting on the \u0027wpcf7_antiscript_file_name\u0027 function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site\u0027s server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion."
},
{
"lang": "es",
"value": "El complemento Contact Form 7 para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validaci\u00f3n insuficiente del tipo de archivo en la funci\u00f3n \u0027validar\u0027 y a una lista de bloqueo insuficiente en la funci\u00f3n \u0027wpcf7_antiscript_file_name\u0027 en versiones hasta la 5.8.3 incluida. Esto hace posible que atacantes autenticados con capacidades de nivel de editor o superior carguen archivos arbitrarios en el servidor del sitio afectado, pero debido a la configuraci\u00f3n de htaccess, el c\u00f3digo remoto no se puede ejecutar en la mayor\u00eda de los casos. De forma predeterminada, el archivo se eliminar\u00e1 del servidor inmediatamente. Sin embargo, en algunos casos, otros complementos pueden hacer posible que el archivo permanezca m\u00e1s tiempo en el servidor. Esto puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo cuando se combina con otra vulnerabilidad, como la inclusi\u00f3n de archivos locales."
}
],
"id": "CVE-2023-6449",
"lastModified": "2024-11-21T08:43:53.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-01T11:15:08.310",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Release Notes"
],
"url": "https://contactform7.com/2023/11/30/contact-form-7-584/"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://github.com/rocklobster-in/contact-form-7/compare/v5.8.3...v5.8.4"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/contact-form-7/tags/5.8.3/includes/formatting.php#L275"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3003556/contact-form-7"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://contactform7.com/2023/11/30/contact-form-7-584/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/rocklobster-in/contact-form-7/compare/v5.8.3...v5.8.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/contact-form-7/tags/5.8.3/includes/formatting.php#L275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3003556/contact-form-7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-05 19:15
Modified
2024-11-21 05:52
Severity ?
Summary
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "91CBDF13-18DC-4BAE-A5B2-C60DECC2C62A",
"versionEndIncluding": "3.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site\u2019s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript."
},
{
"lang": "es",
"value": "Debido a la falta de saneamiento y una falta de protecci\u00f3n nonce en la funcionalidad CSS personalizada, un atacante podr\u00eda dise\u00f1ar una petici\u00f3n para inyectar JavaScript malicioso en un sitio usando el plugin de WordPress Contact Form 7 Style versiones hasta 3.1.9.\u0026#xa0;Si un atacante enga\u00f1aba con \u00e9xito al administrador de un sitio para que hiciera clic en un enlace o archivo adjunto, la petici\u00f3n podr\u00eda ser enviada y la configuraci\u00f3n de CSS se actualizar\u00eda con \u00e9xito para incluir JavaScript malicioso"
}
],
"id": "CVE-2021-24159",
"lastModified": "2024-11-21T05:52:29.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-05T19:15:15.047",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"
},
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-14 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rocklobster | contact_form_7 | * | |
| rocklobster | contact_form_7 | 3.6 | |
| rocklobster | contact_form_7 | 3.7 | |
| wordpress | wordpress | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A9A9CC60-517D-4B9D-B7C8-D9C8D9F91B9B",
"versionEndIncluding": "3.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:3.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "289007CB-5048-4D41-B4EA-83D387E4A1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rocklobster:contact_form_7:3.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E228312C-BD7F-43D1-BC24-CA04AEF4B013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter."
},
{
"lang": "es",
"value": "Rock Lobster Contact Form 7 anterior a 3.7.2 permite a los atacantes remotos omitir el mecanismo de protecci\u00f3n CAPTCHA y enviar datos de formularios arbitrarios omitiendo el par\u00e1metro _wpcf7_captcha_challenge_captcha-719."
}
],
"id": "CVE-2014-2265",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-14T10:55:06.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://contactform7.com/2014/02/26/contact-form-7-372/"
},
{
"source": "cve@mitre.org",
"url": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "http://wordpress.org/plugins/contact-form-7/changelog"
},
{
"source": "cve@mitre.org",
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.cvedetails.com/cve/CVE-2014-2265/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://contactform7.com/2014/02/26/contact-form-7-372/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wordpress.org/plugins/contact-form-7/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cvedetails.com/cve/CVE-2014-2265/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-24159 (GCVE-0-2021-24159)
Vulnerability from cvelistv5
Published
2021-04-05 18:27
Modified
2024-08-03 19:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Contact Form 7 Style |
Version: 3.1.9 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contact Form 7 Style",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "3.1.9",
"status": "affected",
"version": "3.1.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site\u2019s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-05T18:27:43",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Contact Form 7 Style \u003c= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24159",
"STATE": "PUBLIC",
"TITLE": "Contact Form 7 Style \u003c= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contact Form 7 Style",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.1.9",
"version_value": "3.1.9"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site\u2019s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/363182f1-9fda-4363-8f6a-be37c4c07aa9"
},
{
"name": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24159",
"datePublished": "2021-04-05T18:27:43",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3247 (GCVE-0-2025-3247)
Vulnerability from cvelistv5
Published
2025-04-16 05:23
Modified
2025-04-16 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Summary
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| takayukister | Contact Form 7 |
Version: * ≤ 6.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T13:23:21.654939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T13:23:45.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contact Form 7",
"vendor": "takayukister",
"versions": [
{
"lessThanOrEqual": "6.0.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asaf Mozes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the \u0027wpcf7_stripe_skip_spam_check\u0027 function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T05:23:00.706Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38257dbf-288e-4028-af65-85f5389888ac?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-7/tags/6.0.5/modules/stripe/stripe.php#L114"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3270138/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T16:56:22.000+00:00",
"value": "Disclosed"
}
],
"title": "Contact Form 7 \u003c= 6.0.5 - Order Replay Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-3247",
"datePublished": "2025-04-16T05:23:00.706Z",
"dateReserved": "2025-04-04T00:06:57.248Z",
"dateUpdated": "2025-04-16T13:23:45.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6630 (GCVE-0-2023-6630)
Vulnerability from cvelistv5
Published
2024-01-11 04:30
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sevenspark | Contact Form 7 – Dynamic Text Extension |
Version: * ≤ 4.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f1d836-da32-414f-9f2b-d485c44b2486?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3019572%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026old=2968460%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T17:56:49.856338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:13.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contact Form 7 \u2013 Dynamic Text Extension",
"vendor": "sevenspark",
"versions": [
{
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-359 Exposure of Private Information (\u0027Privacy Violation\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T04:30:47.600Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f1d836-da32-414f-9f2b-d485c44b2486?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3019572%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026old=2968460%40contact-form-7-dynamic-text-extension%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6630",
"datePublished": "2024-01-11T04:30:47.600Z",
"dateReserved": "2023-12-08T16:49:16.312Z",
"dateUpdated": "2025-06-17T21:09:13.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2242 (GCVE-0-2024-2242)
Vulnerability from cvelistv5
Published
2024-03-13 21:32
Modified
2024-08-01 19:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| takayukister | Contact Form 7 |
Version: * ≤ 5.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T13:20:36.435085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:30:16.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contact Form 7",
"vendor": "takayukister",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Asaf Mozes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018active-tab\u2019 parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T21:32:56.042Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-13T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2242",
"datePublished": "2024-03-13T21:32:56.042Z",
"dateReserved": "2024-03-06T22:41:15.679Z",
"dateUpdated": "2024-08-01T19:03:39.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4704 (GCVE-0-2024-4704)
Vulnerability from cvelistv5
Published
2024-06-27 06:00
Modified
2024-08-01 20:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Contact Form 7 |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "contact_form_7",
"vendor": "rocklobster",
"versions": [
{
"lessThan": "5.9.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T13:46:26.464358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T13:49:26.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contact Form 7",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.9.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "William Bastos - cHoR4o"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T06:00:04.176Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/8bdcdb5a-9026-4157-8592-345df8fb1a17/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": " Contact Form 7 \u003c 5.9.5 - Unauthenticated Open Redirect",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4704",
"datePublished": "2024-06-27T06:00:04.176Z",
"dateReserved": "2024-05-09T19:06:53.947Z",
"dateUpdated": "2024-08-01T20:47:41.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35489 (GCVE-0-2020-35489)
Vulnerability from cvelistv5
Published
2020-12-17 18:16
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/contact-form-7/#developers | x_refsource_MISC | |
| https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/ | x_refsource_MISC | |
| https://contactform7.com/2020/12/17/contact-form-7-532/ | x_refsource_MISC | |
| https://wpscan.com/vulnerability/10508 | x_refsource_MISC | |
| https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://contactform7.com/2020/12/17/contact-form-7-532/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/10508"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T18:16:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://contactform7.com/2020/12/17/contact-form-7-532/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/10508"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/contact-form-7/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
},
{
"name": "https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/",
"refsource": "MISC",
"url": "https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload/"
},
{
"name": "https://contactform7.com/2020/12/17/contact-form-7-532/",
"refsource": "MISC",
"url": "https://contactform7.com/2020/12/17/contact-form-7-532/"
},
{
"name": "https://wpscan.com/vulnerability/10508",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/10508"
},
{
"name": "https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/",
"refsource": "MISC",
"url": "https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35489",
"datePublished": "2020-12-17T18:16:00",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2265 (GCVE-0-2014-2265)
Vulnerability from cvelistv5
Published
2014-03-14 10:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://contactform7.com/2014/02/26/contact-form-7-372/ | x_refsource_CONFIRM | |
| http://wordpress.org/plugins/contact-form-7/changelog | x_refsource_CONFIRM | |
| http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/ | x_refsource_MISC | |
| https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/ | x_refsource_MISC | |
| https://www.cvedetails.com/cve/CVE-2014-2265/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://contactform7.com/2014/02/26/contact-form-7-372/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wordpress.org/plugins/contact-form-7/changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cvedetails.com/cve/CVE-2014-2265/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-27T12:44:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://contactform7.com/2014/02/26/contact-form-7-372/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wordpress.org/plugins/contact-form-7/changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cvedetails.com/cve/CVE-2014-2265/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://contactform7.com/2014/02/26/contact-form-7-372/",
"refsource": "CONFIRM",
"url": "http://contactform7.com/2014/02/26/contact-form-7-372/"
},
{
"name": "http://wordpress.org/plugins/contact-form-7/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/contact-form-7/changelog"
},
{
"name": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/",
"refsource": "MISC",
"url": "http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/"
},
{
"name": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/",
"refsource": "MISC",
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/"
},
{
"name": "https://www.cvedetails.com/cve/CVE-2014-2265/",
"refsource": "MISC",
"url": "https://www.cvedetails.com/cve/CVE-2014-2265/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2265",
"datePublished": "2014-03-14T10:00:00",
"dateReserved": "2014-03-04T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6449 (GCVE-0-2023-6449)
Vulnerability from cvelistv5
Published
2023-12-01 11:00
Modified
2024-10-15 17:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| takayukister | Contact Form 7 |
Version: * ≤ 5.8.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/contact-form-7/tags/5.8.3/includes/formatting.php#L275"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rocklobster-in/contact-form-7/compare/v5.8.3...v5.8.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://contactform7.com/2023/11/30/contact-form-7-584/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3003556/contact-form-7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:08.628263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:40:47.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contact Form 7",
"vendor": "takayukister",
"versions": [
{
"lessThanOrEqual": "5.8.3",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the \u0027validate\u0027 function and insufficient blocklisting on the \u0027wpcf7_antiscript_file_name\u0027 function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site\u0027s server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-01T11:00:06.019Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contact-form-7/tags/5.8.3/includes/formatting.php#L275"
},
{
"url": "https://github.com/rocklobster-in/contact-form-7/compare/v5.8.3...v5.8.4"
},
{
"url": "https://contactform7.com/2023/11/30/contact-form-7-584/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3003556/contact-form-7"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-21T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-11-21T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-30T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6449",
"datePublished": "2023-12-01T11:00:06.019Z",
"dateReserved": "2023-11-30T21:43:37.083Z",
"dateUpdated": "2024-10-15T17:40:47.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20979 (GCVE-0-2018-20979)
Vulnerability from cvelistv5
Published
2019-08-22 12:36
Modified
2024-08-05 12:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/contact-form-7/#developers | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:26.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T12:36:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/contact-form-7/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/contact-form-7/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20979",
"datePublished": "2019-08-22T12:36:19",
"dateReserved": "2019-08-21T00:00:00",
"dateUpdated": "2024-08-05T12:19:26.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}