Vulnerabilities and security researches forsend-pdf-for-contact-form-7

CVE, Research URL: CVE-2024-3585
Home page URL: Security reports for Send PDF for Contact Form 7
Application: Send PDF for Contact Form 7
Date: May 02, 2024
Research Description: The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: f10734a1ded3f4fb4bf97398bf82b8041b3ec077
Home page URL: Security reports for Send PDF for Contact Form 7
Application: Send PDF for Contact Form 7
Date: Jun 19, 2022
Research Description: Send PDF for Contact Form 7 [send-pdf-for-contact-form-7] < 0.9.2 (closed) Send PDF for Contact Form 7 <= 0.9.1 - Multiple Cross-Site Scripting The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on multiple parameters. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-0143
Home page URL: Security reports for Send PDF for Contact Form 7
Application: Send PDF for Contact Form 7
Date: Feb 07, 2023
Research Description: The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches forsend-pdf-for-contact-form-7 send-pdf-for-contact-form-7