Skip to main content

Contact Form 7 Connector

2 CVEs product

Monthly

CVE-2024-24884 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contact Form 7 Connector
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0239 MEDIUM POC This Month

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form 7 Connector
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contact Form 7 Connector
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form 7 Connector
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy