cleantalk
Vulnerabilities and Security Researches

Redirection for Contact Form 7, CVE-2021-24279

CVE, Research URL

CVE-2021-24279

Home page URL

Security reports for Redirection for Contact Form 7

Application

Redirection for Contact Form 7

Published on
May 14, 2021
Research Description
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.
Affected versions
Min -, max 2.3.4.
Status
vulnerable
Previous vulnerability researches
Redirection for Contact Form 7 (CVE-2023-39920) , Jun 10, 2024
Redirection for Contact Form 7 (CVE-2022-4974) , Nov 14, 2024
Redirection for Contact Form 7 (CVE-2025-8141) , Aug 20, 2025
Redirection for Contact Form 7 (CVE-2025-8289) , Aug 20, 2025
Redirection for Contact Form 7 (CVE-2025-8145) , Aug 20, 2025
New vulnerability
PHP Compatibility Checker , Aug 21, 2025
Infility Global (CVE-2025-47650) , Aug 21, 2025
Contact Manager (CVE-2025-8783) , Aug 21, 2025
Custom Comment (CVE-2025-49889) , Aug 20, 2025
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2025-53340) , Aug 20, 2025