Rocklobster - Contact Form 7 CVE

Filtered by vendor Rocklobster Subscribe

Filtered by product Contact Form 7

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-35489	1 Rocklobster	1 Contact Form 7	2020-12-22	10.0 HIGH	10.0 CRITICAL
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
CVE-2018-20979	1 Rocklobster	1 Contact Form 7	2020-08-24	7.5 HIGH	9.8 CRITICAL
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.

Vulnerabilities (CVE)