Vulnerabilities and security researches forcf7-message-filter cf7-message-filter

Jun 06, 2024

CVE, Research URL: 2ce5bc58e1bc50015a71852601e76f74ab79ea10
Home page URL: Security reports for Message Filter for Contact Form 7
Application: Message Filter for Contact Form 7
Date: Jul 19, 2023
Research Description: Message Filter for Contact Form 7 [cf7-message-filter] < 1.4.3 WordPress Message Filter for Contact Form 7 Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Message Filter for Contact Form 7 plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Message Filter for Contact Form 7 Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.4.3.
Affected versions: Min -, max -.
Status: vulnerable

Aug 04, 2024

CVE, Research URL: CVE-2024-39647
Home page URL: Security reports for Message Filter for Contact Form 7
Application: Message Filter for Contact Form 7
Date: Aug 02, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 allows Reflected XSS.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.1.1.
Affected versions: Min -, max -.
Status: vulnerable

Dec 07, 2024

CVE, Research URL: CVE-2024-12026
Home page URL: Security reports for Message Filter for Contact Form 7
Application: Message Filter for Contact Form 7
Date: Dec 07, 2024
Research Description: The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-12027
Home page URL: Security reports for Message Filter for Contact Form 7
Application: Message Filter for Contact Form 7
Date: Dec 06, 2024
Research Description: The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters.
Affected versions: Min -, max -.
Status: vulnerable

Dec 11, 2024

CVE, Research URL: CVE-2024-54254
Home page URL: Security reports for Message Filter for Contact Form 7
Application: Message Filter for Contact Form 7
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.
Affected versions: Min -, max -.
Status: vulnerable

Apr 24, 2025

CVE, Research URL: CVE-2025-46252
Home page URL: Security reports for Message Filter for Contact Form 7
Application: Message Filter for Contact Form 7
Date: Apr 22, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.
Affected versions: Min -, max -.
Status: vulnerable