Contact Form 7 – Dynamic Text Extension
Approved changes feed: RSS · Atom
cpe:2.3:a:sevenspark:contact_form_7_–_dynamic_text_extension:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Sevenspark (62fa559c-0057-540d-b481-a3de3ea4d2e0) |
|---|---|
| Product | Contact Form 7 – Dynamic Text Extension (34f38a3b-aad2-510d-a64c-35d650b408a5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-63068 |
vulnerable | 2026-06-08 07:39:17.251856 |
WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability
MEDIUM (5.3)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.5.
Published: 2025-12-09T14:52:35.227Z
Updated: 2026-04-28T19:36:28.559Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56218 |
vulnerable | 2026-06-08 06:54:17.559734 |
WordPress Contact Form 7 - Dynamic Text Extension plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Cross Site Request Forgery.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through <= 5.0.1.
Published: 2024-12-31T10:12:52.349Z
Updated: 2026-04-28T16:10:55.186Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10084 |
vulnerable | 2026-06-08 06:22:03.540809 |
Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode
MEDIUM (4.3)
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own.
Published: 2024-11-05T21:29:17.783Z
Updated: 2026-04-08T17:28:41.027Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6630 |
vulnerable | 2026-06-08 06:21:55.146513 |
Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference
MEDIUM (4.3)
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.
Published: 2024-01-11T04:30:47.600Z
Updated: 2026-04-08T17:12:55.224Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.