cleantalk
Vulnerabilities and Security Researches

Contact Form 7 – Dynamic Text Extension, CVE-2025-63068

CVE, Research URL

CVE-2025-63068

Home page URL

Security reports for Contact Form 7 – Dynamic Text Extension

Application

Contact Form 7 – Dynamic Text Extension

Published on
Dec 09, 2025
Research Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through <= 5.0.3.
Affected versions
max 5.0.3.
Status
vulnerable
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
Flamingo , Apr 16, 2025
Flamingo (022a9997dfc335fe7d818f90b085eb691dd3ba3c) , Jun 07, 2024
New vulnerability
Advanced Classifieds &amp; Directory Pro (CVE-2025-68580) , Jan 10, 2026
Co-marquage service-public.fr (CVE-2025-62113) , Jan 10, 2026
404 Solution (CVE-2025-14477) , Jan 10, 2026
BizPrint &#8211; Print WooCommerce Order Receipts, Invoices, Labels &amp; More. (CVE-2025-69024) , Jan 10, 2026
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-13754) , Jan 10, 2026