cleantalk
Vulnerabilities and Security Researches

Redirection for Contact Form 7, CVE-2021-24279

CVE, Research URL

CVE-2021-24279

Home page URL

Security reports for Redirection for Contact Form 7

Application

Redirection for Contact Form 7

Published on
May 14, 2021
Research Description
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.
Affected versions
Min -, max 2.3.4.
Status
vulnerable
Previous vulnerability researches
Redirection for Contact Form 7 (CVE-2023-39920) , Jun 10, 2024
Redirection for Contact Form 7 (CVE-2022-4974) , Nov 14, 2024
Redirection for Contact Form 7 (CVE-2021-24280) , Jun 07, 2024
Redirection for Contact Form 7 (CVE-2021-24279) , Jun 07, 2024
Redirection for Contact Form 7 (CVE-2021-36913) , Jun 07, 2024
New vulnerability
Responsive Starter Templates – Elementor & WordPress Templates (CVE-2025-49856) , Jun 19, 2025
WP VR – 360 Panorama and Virtual Tour Builder For WordPress (CVE-2025-47452) , Jun 19, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-49872) , Jun 19, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-49857) , Jun 19, 2025
WP Dummy Content Generator (CVE-2025-49234) , Jun 19, 2025