VYPR

PDF For Contact Form 7

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-60081HigDec 18, 2025
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through <= 6.5.0.

  • CVE-2025-3247Apr 16, 2025
    risk 0.00cvss epss 0.00

    The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to…

  • CVE-2024-0239Jan 16, 2024
    risk 0.00cvss epss 0.00

    The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.