← Back

Contact Form 7 Captcha Project

contact_form_7_captcha_project

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Contact Form 7 Captcha
contact_form_7_captcha
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-8280
2Contact Form 7 Captcha Project
Iambriansreed
2Contact Form 7 Captcha
Contact Form 7 Recaptcha
Jun 17, 2026
Sep 12, 2025
N/A· v4
5.8 MEDIUM· v3
N/A· v2
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web b...Show more
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.Show less
CVE-2022-2187
1Contact Form 7 Captcha Project
1Contact Form 7 Captcha
Jun 17, 2026
Jul 17, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web brow...Show more
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsersShow less
CVE-2021-24565
1Contact Form 7 Captcha Project
1Contact Form 7 Captcha
Jun 17, 2026
Aug 23, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the se...Show more
The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue.Show less