VYPR

Contact Form 7 Recaptcha

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-8280MedSep 12, 2025
    risk 0.38cvss 5.8epss 0.00

    The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

  • CVE-2025-23972MedJul 4, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA contact-form-7-recaptcha allows Cross Site Request Forgery.This issue affects Contact Form 7 reCAPTCHA: from n/a through <= 1.2.0.