VYPR

Material Design for Contact Form 7

by WordPress

CVEs (2)

  • CVE-2025-30522HigMar 24, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a through <= 1.0.0.

  • CVE-2022-0404MedApr 4, 2022
    risk 0.42cvss 6.5epss 0.01

    The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low…