Themeisle Redirection For Contact Form 7
8 CVEs affecting Themeisle Redirection For Contact Form 7. Latest disclosed: 2026-06-15. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-8141 | High | 8.8 | 2025-08-20 | The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associa… |
CVE-2025-8145 | High | 8.8 | 2025-08-20 | The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization o… |
CVE-2025-14800 | High | 8.1 | 2025-12-21 | The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_to_upload… |
CVE-2025-8289 | High | 7.5 | 2025-08-20 | The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization o… |
CVE-2023-39920 | High | 7.5 | 2024-12-13 | Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security… |
CVE-2026-23970 | High | 7.1 | 2026-06-15 | Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions. |
CVE-2025-9562 | Medium | 6.4 | 2025-10-18 | The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qs_date shortcode in all versions up to… |
CVE-2022-4974 | Medium | 6.3 | 2024-10-16 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to… |