cleantalk
Vulnerabilities and Security Researches

Conditional Fields for Contact Form 7, 0bb038577e135241efdec5ee2901e7ead90280e7

CVE, Research URL

0bb038577e135241efdec5ee2901e7ead90280e7

Home page URL

Security reports for Conditional Fields for Contact Form 7

Application

Conditional Fields for Contact Form 7

Published on
Nov 14, 2023
Research Description
Conditional Fields for Contact Form 7 [cf7-conditional-fields] < 2.4.1 (closed) Conditional Fields for Contact Form 7 <= 2.4.0 - Missing Authorization The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when showing admin notices in all versions up to 2.4.0 (inclusive). This makes it possible for attackers to read admin notices.
Affected versions
max 2.4.1.
Status
vulnerable
Previous vulnerability researches
Conditional Fields for Contact Form 7 (CVE-2023-47838) , Jun 10, 2024
Conditional Fields for Contact Form 7 (CVE-2026-25863) , May 06, 2026
Conditional Fields for Contact Form 7 (0bb038577e135241efdec5ee2901e7ead90280e7) , Jun 07, 2024
Conditional Fields for Contact Form 7 (CVE-2024-50412) , Oct 27, 2024
Conditional Fields for Contact Form 7 (CVE-2024-5804) , Jul 20, 2024
New vulnerability
Royal Elementor Addons and Templates (CVE-2026-4803) , May 06, 2026
Royal Elementor Addons and Templates (CVE-2026-5159) , May 06, 2026
NEX-Forms &#8211; Ultimate Form Builder &#8211; Contact forms and much more (CVE-2026-5063) , May 06, 2026
Loco Translate (CVE-2026-1921) , May 06, 2026
Conditional Fields for Contact Form 7 (CVE-2026-25863) , May 06, 2026