Sevenspark: >> Contact Form 7 - Dynamic Text Extension Security Vulnerabilities
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-11-05