Product
rocklobster contact form 7
10 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-14457 (<= 1.3.9.2): The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data
CVE-2025-3247 (< 6.0.6): The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_s
CVE-2024-4704 (< 5.9.5): The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect
CVE-2024-2242 (< 5.9.2): The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all
CVE-2023-6630 (<= 4.1.0): The Contact Form 7 - Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions
CVE-2023-6449 (< 5.8.4): The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'v
CVE-2021-24159 (<= 3.1.9): Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to injec
CVE-2020-35489 (< 5.3.2): The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code executio
CVE-2018-20979 (< 5.0.4): The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_p
CVE-2014-2265 (<= 3.7.1): Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary f