Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Contact Form 7 Captcha Project Subscribe
Filtered by product Contact Form 7 Captcha
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2187 1 Contact Form 7 Captcha Project 1 Contact Form 7 Captcha 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2021-24565 1 Contact Form 7 Captcha Project 1 Contact Form 7 Captcha 2024-02-28 6.8 MEDIUM 8.8 HIGH
The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue.

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024