Rocklobster Contact_form_7
9 CVEs affecting Rocklobster Contact_form_7. Latest disclosed: 2025-04-16. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-35489 | Critical | 10.0 | 2020-12-17 | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may cont… |
| CVE-2018-20979 | Critical | 9.8 | 2019-08-22 | The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. |
| CVE-2021-24159 | High | 8.8 | 2021-04-05 | Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a s… |
| CVE-2023-6449 | Medium | 6.6 | 2023-12-01 | The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insuffi… |
| CVE-2024-4704 | Medium | 6.1 | 2024-06-27 | The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. |
| CVE-2024-2242 | Medium | 6.1 | 2024-03-13 | The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5… |
| CVE-2025-3247 | Medium | 5.3 | 2025-04-16 | The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' functi… |
| CVE-2023-6630 | Medium | 4.3 | 2024-01-11 | The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0… |
| CVE-2014-2265 | | | 2014-03-14 | Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpc… |