Plugin security risks

  • Resolved bhautik17

    (@bhautik17)


    4 months, 4 weeks ago

    Hello,

    I would like to report a security concern regarding the plugin Contact Form 7 – Dynamic Text Extension.

    • Vulnerability Type: Content Injection
    • Severity: Low (CVSS 5.3)
    • Exploited in the Wild: No
    • Fixed in: No fix available yet

    This issue may allow malicious content injection under certain conditions. While the severity is rated low, it still poses a risk to sites using the plugin.

    Thank you!

Viewing 1 replies (of 1 total)
  • Plugin Author Tessa (they/them), AuRise Creative

    (@tessawatkinsllc)

    4 months, 4 weeks ago

    Hi, please submit security vulnerabilities to Wordfence or Patchstack.

    Additionally, assuming the vulnerability is this one/this one, it has been patched in version 5.0.4 yesterday. The Wordfence team is out on holiday break and will return to the office on January 5th, 2026. I don’t know about the Patchstack team. Either way, I don’t expect them to update the report status until at least then.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.