Vulnerabilities > Rocklobster > Contact Form 7 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-01 | CVE-2023-6449 | Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7. The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. | 7.2 |
2021-04-05 | CVE-2021-24159 | Cross-Site Request Forgery (CSRF) vulnerability in Rocklobster Contact Form 7. Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. | 8.8 |