Vulnerabilities > Rocklobster > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-40609 | Unspecified vulnerability in Rocklobster Contact Form 7 Custom Validation 1.1.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. | 9.8 |
| 2020-12-17 | CVE-2020-35489 | Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7 The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. | 10.0 |
| 2019-08-22 | CVE-2018-20979 | Unspecified vulnerability in Rocklobster Contact Form 7 The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. | 9.8 |