Vulnerabilities > Rocklobster > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-27 | CVE-2024-4704 | Open Redirect vulnerability in Rocklobster Contact Form 7 The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. | 6.1 |
| 2024-01-11 | CVE-2023-6630 | Authorization Bypass Through User-Controlled Key vulnerability in Rocklobster Contact Form 7 The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. | 4.3 |