cleantalk
Vulnerabilities and Security Researches

Contact Form 7 – Dynamic Text Extension, CVE-2024-10084

CVE, Research URL

CVE-2024-10084

Home page URL

Security reports for Contact Form 7 – Dynamic Text Extension

Application

Contact Form 7 – Dynamic Text Extension

Published on
Nov 06, 2024
Research Description
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own.
Affected versions
Min -, max 4.5.1.
Status
vulnerable
Previous vulnerability researches
Contact Form 7 – Dynamic Text Extension (a96df0f01268aec2ea27d8015425dd3a2aec921e) , Jun 07, 2024
Contact Form 7 – Dynamic Text Extension (CVE-2023-6630) , Jun 07, 2024
Contact Form 7 – Dynamic Text Extension (CVE-2024-10084) , Nov 07, 2024
Contact Form 7 – Dynamic Text Extension (CVE-2024-56218) , Dec 23, 2024
New vulnerability
Hot Random Image (CVE-2025-4405) , Jun 01, 2025
Hot Random Image (CVE-2025-4419) , Jun 01, 2025
ReDi Restaurant Reservation (CVE-2025-48286) , Jun 01, 2025
Global Shop Discount for WooCommerce (CVE-2025-48248) , Jun 01, 2025
6Storage Rentals (CVE-2025-47619) , Jun 01, 2025