Rocklobster Contact_form_7

9 CVEs affecting Rocklobster Contact_form_7. Latest disclosed: 2025-04-16. Critical: 2, High: 1.

Top CVEs affecting Rocklobster Contact_form_7
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2020-35489 | Critical | 10.0 | 2020-12-17 | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may cont… |
| CVE-2018-20979 | Critical | 9.8 | 2019-08-22 | The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. |
| CVE-2021-24159 | High | 8.8 | 2021-04-05 | Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a s… |
| CVE-2023-6449 | Medium | 6.6 | 2023-12-01 | The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insuffi… |
| CVE-2024-4704 | Medium | 6.1 | 2024-06-27 | The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. |
| CVE-2024-2242 | Medium | 6.1 | 2024-03-13 | The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5… |
| CVE-2025-3247 | Medium | 5.3 | 2025-04-16 | The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' functi… |
| CVE-2023-6630 | Medium | 4.3 | 2024-01-11 | The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0… |
| CVE-2014-2265 |  |  | 2014-03-14 | Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpc… |