cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for extensions-for-cf7

Jun 07, 2024

Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) # CVE-2024-29102

CVE, Research URL

CVE-2024-29102

Date
Mar 19, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS. This issue affects Extensions For CF7: from n/a through 3.0.6.
Affected versions
Min -, max -.
Status
vulnerable

Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) # CVE-2023-23899

CVE, Research URL

CVE-2023-23899

Date
Feb 17, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
Affected versions
Min -, max -.
Status
vulnerable

Jan 26, 2025

Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) # CVE-2025-24695

CVE, Research URL

CVE-2025-24695

Date
Jan 24, 2025
Research Description
Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0.
Affected versions
Min -, max -.
Status
vulnerable

Jul 23, 2025

Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) # CVE-2025-7645

CVE, Research URL

CVE-2025-7645

Date
Jul 22, 2025
Research Description
The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, when an administrator deletes the submission, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions
Min -, max -.
Status
vulnerable