cleantalk
Vulnerabilities and Security Researches

Send PDF for Contact Form 7, CVE-2023-0143

CVE, Research URL

CVE-2023-0143

Home page URL

Security reports for Send PDF for Contact Form 7

Application

Send PDF for Contact Form 7

Published on
Feb 07, 2023
Research Description
The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
Min -, max 0.9.9.2.
Status
vulnerable
Previous vulnerability researches
Send PDF for Contact Form 7 (CVE-2024-3585) , Jun 06, 2024
Send PDF for Contact Form 7 (f10734a1ded3f4fb4bf97398bf82b8041b3ec077) , Jun 06, 2024
Send PDF for Contact Form 7 (CVE-2023-0143) , Jun 06, 2024
New vulnerability
Live Sports Streamthunder (CVE-2025-49967) , Jun 25, 2025
WP Voting Contest Lite (CVE-2025-50017) , Jun 25, 2025
Automatically Hierarchic Categories in Menu (CVE-2025-50048) , Jun 24, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-49996) , Jun 24, 2025
Video List Manager (CVE-2025-49986) , Jun 24, 2025