Vulnerabilities > Rocklobster > Contact Form 7 > 5.0.3

DATE CVE VULNERABILITY TITLE RISK
2024-06-27 CVE-2024-4704 Open Redirect vulnerability in Rocklobster Contact Form 7
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
network
low complexity
rocklobster CWE-601
6.1
2023-12-01 CVE-2023-6449 Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3.
network
low complexity
rocklobster CWE-434
7.2
2020-12-17 CVE-2020-35489 Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
network
low complexity
rocklobster CWE-434
critical
10.0
2019-08-22 CVE-2018-20979 Unspecified vulnerability in Rocklobster Contact Form 7
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
network
low complexity
rocklobster
critical
9.8