Extensions For Cf7
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-7645 | Hig | 0.53 | 8.1 | 0.01 | Jul 22, 2025 | The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it… | ||
| CVE-2024-29102 | Hig | 0.46 | 7.1 | 0.00 | Mar 19, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6. | ||
| CVE-2026-24991 | Med | 0.34 | 5.3 | 0.00 | Feb 3, 2026 | Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through <= 3.4.0. | ||
| CVE-2025-24695 | Med | 0.29 | 4.4 | 0.00 | Jan 24, 2025 | Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0. | ||
| CVE-2023-23899 | 0.00 | — | 0.00 | Feb 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. |
- risk 0.53cvss 8.1epss 0.01
The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6.
- risk 0.34cvss 5.3epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through <= 3.4.0.
- risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0.
- CVE-2023-23899Feb 17, 2023risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.