← Back

Zealousweb

zealousweb

6 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Generate Pdf Using Contact Form 7
generate_pdf_using_contact_form_7
4 CVEs
Track Geolocation Of Users Using Contact Form 7
track_geolocation_of_users_using_contact_form_7
1 CVE
Accept Stripe Payments Using Contact Form 7
accept_stripe_payments_using_contact_form_7
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-12255
1Zealousweb
1Accept Stripe Payments Using Contact Form 7
Jul 2, 2025
Dec 12, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it...Show more
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.Show less
CVE-2024-6317
1Zealousweb
1Generate Pdf Using Contact Form 7
Apr 8, 2026
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plu...Show more
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-6316
1Zealousweb
1Generate Pdf Using Contact Form 7
Apr 8, 2026
Jul 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and missing...Show more
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and missing file type validation in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-37555 is a duplicate of this issue.Show less
CVE-2024-37555
1Zealousweb
1Generate Pdf Using Contact Form 7
Apr 23, 2026
Jul 9, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7.This issue affects Generate PDF using Contact Form 7: from n/a through <= 4....Show more
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7.This issue affects Generate PDF using Contact Form 7: from n/a through <= 4.1.2.Show less
CVE-2023-49188
1Zealousweb
1Track Geolocation Of Users Using Contact Form 7
Nov 21, 2024
Dec 15, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of U...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0.Show less
CVE-2022-3070
1Zealousweb
1Generate Pdf Using Contact Form 7
May 22, 2025
Sep 26, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disa...Show more
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less