VYPR

Mollie for Contact Form 7

by WordPress

CVEs (2)

  • CVE-2024-55990HigDec 16, 2024
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tsjippy Mollie for Contact Form 7 cf7-mollie allows Blind SQL Injection.This issue affects Mollie for Contact Form 7: from n/a through <= 5.0.0.

  • CVE-2024-12165MedDec 7, 2024
    risk 0.40cvss 6.1epss 0.00

    The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…