cleantalk
Vulnerabilities and Security Researches

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler, CVE-2024-12419

CVE, Research URL

CVE-2024-12419

Home page URL

Security reports for Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Application

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Published on
Jan 07, 2025
Research Description
The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. Version 1.7.0 patched the Reflected XSS issue, however, the arbitrary shortcode execution issue remains.
Affected versions
Min -, max 1.7.1.
Status
vulnerable
Previous vulnerability researches
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2024-10686) , Nov 14, 2024
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2022-4974) , May 07, 2025
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (6956166d7008919d4108906e32c495d6d4a17ba4) , Jun 07, 2024
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2024-34826) , Jun 07, 2024
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2025-54028) , Aug 13, 2025
New vulnerability
String locator , Aug 13, 2025
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2025-54028) , Aug 13, 2025
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks (CVE-2025-54007) , Aug 13, 2025
WooCommerce Purchase Orders (CVE-2025-5391) , Aug 13, 2025
RentSyst – CRM solution for fleet management (CVE-2025-48152) , Aug 12, 2025