cleantalk
Vulnerabilities and Security Researches

Contact Form 7 – Dynamic Text Extension, CVE-2025-63068

CVE, Research URL

CVE-2025-63068

Home page URL

Security reports for Contact Form 7 – Dynamic Text Extension

Application

Contact Form 7 – Dynamic Text Extension

Published on
Dec 09, 2025
Research Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through <= 5.0.3.
Affected versions
max 5.0.3.
Status
vulnerable
Previous vulnerability researches
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) , Aug 26, 2025
New vulnerability
Niche Hero | Beautifully-designed blocks in seconds (CVE-2025-14145) , Jan 10, 2026
Ultimate WordPress Auction Plugin (CVE-2025-66125) , Jan 10, 2026
Ultimate WordPress Auction Plugin (CVE-2025-68084) , Jan 10, 2026
Contact Form 7 with ChatWork (CVE-2025-13975) , Jan 10, 2026
Cornerstone (CVE-2025-63072) , Jan 10, 2026