cleantalk
Vulnerabilities and Security Researches

Coinbase Commerce for Contact Form 7, 5f306a2af239dc538b6d1cc42b33064c123ce817

CVE, Research URL

5f306a2af239dc538b6d1cc42b33064c123ce817

Home page URL

Security reports for Coinbase Commerce for Contact Form 7

Application

Coinbase Commerce for Contact Form 7

Published on
Jul 18, 2023
Research Description
Coinbase Commerce for Contact Form 7 [coinbase-commerce-for-contact-form-7] < 1.1.2 WordPress Coinbase Commerce for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Coinbase Commerce for Contact Form 7 plugin to the latest available version (at least 1.1.2). Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Coinbase Commerce for Contact Form 7 Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.1.2.
Affected versions
Min -, max 1.1.2.
Status
vulnerable
Previous vulnerability researches
Connect Contact Form 7 to Constant Contact (CVE-2024-54343) , Dec 14, 2024
Coinbase Commerce for Contact Form 7 (5f306a2af239dc538b6d1cc42b33064c123ce817) , Jun 06, 2024
Contact Form 7 Round Robin Lead Distribution (CVE-2025-23812) , Jan 24, 2025
Contact Form 7 Round Robin Lead Distribution (CVE-2025-23784) , Jan 21, 2025
Contact Form 7 Anti Spambot (CVE-2025-23862) , Jan 18, 2025
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025