cleantalk
Vulnerabilities and Security Researches

Builder for Contact Form 7 by Webconstruct – Drag & Drop Contact Form Builder, CVE-2025-28864

CVE, Research URL

CVE-2025-28864

Home page URL

Security reports for Builder for Contact Form 7 by Webconstruct – Drag & Drop Contact Form Builder

Application

Builder for Contact Form 7 by Webconstruct – Drag & Drop Contact Form Builder

Published on
Mar 12, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2.
Affected versions
Min -, max 1.2.2.
Status
vulnerable
Previous vulnerability researches
Multiple Shipping And Billing Address For Woocommerce (CVE-2025-26875) , Mar 12, 2025
Multiple Shipping And Billing Address For Woocommerce (CVE-2024-56290) , Jan 08, 2025
New vulnerability
WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins (CVE-2025-2250) , Mar 13, 2025
All-in-One WP Migration (CVE-2024-10942) , Mar 13, 2025
WP Login Control (CVE-2024-13836) , Mar 13, 2025
Insert Code (CVE-2025-28932) , Mar 13, 2025
Frontpage category filter (CVE-2025-28867) , Mar 13, 2025