GCVE - cpe:2.3:a:hasthemes:extensions_for_cf7:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hasthemes:extensions_for_cf7:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Hasthemes (`d368bab3-bc4f-5819-9d32-f6fb06c04453`)
Product	Extensions For Cf7 (`28018055-22e3-5f31-ad07-480394b8af68`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-24695`	vulnerable	2026-06-03 14:59:56.669579	WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability MEDIUM (4.4) Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0. Published: 2025-01-24T17:24:56.863Z Updated: 2026-05-11T23:16:47.307Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/extensions-for-cf7/vulnerability/wordpress-extensions-for-cf7-plugin-3-2-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-29102`	vulnerable	2026-06-03 14:55:26.846052	WordPress Extensions For CF7 plugin <= 3.0.6 - Unauthenticated Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6. Published: 2024-03-19T15:47:05.886Z Updated: 2026-04-28T16:09:16.557Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-23899`	vulnerable	2026-06-03 14:49:28.942083	WordPress Extensions For CF7 Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. Published: 2023-02-17T14:14:10.889Z Updated: 2026-04-28T16:08:04.319Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-contact-form-7-database-conditional-fields-and-redirection-plugin-2-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Extensions For Cf7

PURL mappings

Vulnerability references

Contribute