Contact Form 7 reCAPTCHA, CVE-2025-8280

CVE, Research URL: CVE-2025-8280
Home page URL: Security reports for Contact Form 7 reCAPTCHA
Application: Contact Form 7 reCAPTCHA
Published on: Sep 12, 2025
Research Description: The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Affected versions: max 1.2.0.
Status: vulnerable