Vulnerabilities > Rocklobster

DATE CVE VULNERABILITY TITLE RISK
2024-06-27 CVE-2024-4704 Open Redirect vulnerability in Rocklobster Contact Form 7
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
network
low complexity
rocklobster CWE-601
6.1
2024-01-11 CVE-2023-6630 Authorization Bypass Through User-Controlled Key vulnerability in Rocklobster Contact Form 7
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key.
network
low complexity
rocklobster CWE-639
4.3
2023-12-01 CVE-2023-6449 Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3.
network
low complexity
rocklobster CWE-434
7.2
2023-11-06 CVE-2023-40609 Unspecified vulnerability in Rocklobster Contact Form 7 Custom Validation 1.1.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.
network
low complexity
rocklobster
critical
9.8
2021-04-05 CVE-2021-24159 Cross-Site Request Forgery (CSRF) vulnerability in Rocklobster Contact Form 7
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9.
network
low complexity
rocklobster CWE-352
8.8
2020-12-17 CVE-2020-35489 Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
network
low complexity
rocklobster CWE-434
critical
10.0
2019-08-22 CVE-2018-20979 Unspecified vulnerability in Rocklobster Contact Form 7
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
network
low complexity
rocklobster
critical
9.8