Sevenspark Contact Form 7 Dynamic Text Extension vulnerabilities
4 known vulnerabilities affecting sevenspark/contact_form_7_dynamic_text_extension.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-63068P4MEDIUMCVSS 5.3≤ 5.0.52025-12-09
CVE-2025-63068 [MEDIUM] CWE-80 CVE-2025-63068: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in seven
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.5.
nvd
CVE-2023-6630P4MEDIUMCVSS 4.3≤ 4.1.02024-01-11
CVE-2023-6630 [MEDIUM] CWE-359 CVE-2023-6630: The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Ob
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or
nvd
CVE-2024-10084P4MEDIUMCVSS 4.3fixed in 4.5.1≤ 4.52024-11-05
CVE-2024-10084 [MEDIUM] CWE-200 CVE-2024-10084: The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protec
nvd
CVE-2024-56218P4MEDIUMCVSS 4.3≤ 5.0.12024-12-31
CVE-2024-56218 [MEDIUM] CWE-352 CVE-2024-56218: Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extensio
Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.1.
nvd