cleantalk
Vulnerabilities and Security Researches

Accept Stripe Payments Using Contact Form 7, CVE-2024-12255

CVE, Research URL

CVE-2024-12255

Home page URL

Security reports for Accept Stripe Payments Using Contact Form 7

Application

Accept Stripe Payments Using Contact Form 7

Published on
Dec 12, 2024
Research Description
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.
Affected versions
Min -, max 2.6.
Status
vulnerable
Previous vulnerability researches
Accept Stripe Payments Using Contact Form 7 (CVE-2024-12255) , Dec 13, 2024
Accept Stripe Payments Using Contact Form 7 (CVE-2025-53309) , Jul 03, 2025
New vulnerability
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-49991) , Jul 04, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-52796) , Jul 04, 2025
Navayan Subscribe (CVE-2025-53311) , Jul 04, 2025
Trust Payments Gateway for WooCommerce (JavaScript Library) (CVE-2025-53569) , Jul 04, 2025
Video List Manager (CVE-2025-52776) , Jul 04, 2025