VYPR

Contact Form 7 Style

by WordPress

CVEs (2)

  • CVE-2021-24159HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s…

  • CVE-2021-4390MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated…