Approved changes feed: RSS · Atom

cpe:2.3:a:sevenspark:contact_form_7_–_dynamic_text_extension:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorSevenspark (62fa559c-0057-540d-b481-a3de3ea4d2e0)
ProductContact Form 7 – Dynamic Text Extension (34f38a3b-aad2-510d-a64c-35d650b408a5)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-63068 vulnerable 2026-06-08 07:39:17.251856 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability
MEDIUM (5.3)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.5.
Published: 2025-12-09T14:52:35.227Z
Updated: 2026-04-28T19:36:28.559Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-56218 vulnerable 2026-06-08 06:54:17.559734 WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.1.
Published: 2024-12-31T10:12:52.349Z
Updated: 2026-04-28T16:10:55.186Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10084 vulnerable 2026-06-08 06:22:03.540809 Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode
MEDIUM (4.3)
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own.
Published: 2024-11-05T21:29:17.783Z
Updated: 2026-04-08T17:28:41.027Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6630 vulnerable 2026-06-08 06:21:55.146513 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference
MEDIUM (4.3)
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.
Published: 2024-01-11T04:30:47.600Z
Updated: 2026-04-08T17:12:55.224Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.