Title: Plugin security risks
Last modified: January 2, 2026

---

# Plugin security risks

 *  Resolved [bhautik17](https://wordpress.org/support/users/bhautik17/)
 * (@bhautik17)
 * [4 months, 4 weeks ago](https://wordpress.org/support/topic/plugin-security-risks/)
 * Hello,
 * I would like to report a security concern regarding the plugin **Contact Form
   7 – Dynamic Text Extension**.
    - **Vulnerability Type:** Content Injection
    - **Severity:** Low (CVSS 5.3)
    - **Exploited in the Wild:** No
    - **Fixed in:** No fix available yet
 * This issue may allow malicious content injection under certain conditions. While
   the severity is rated low, it still poses a risk to sites using the plugin.
 * Thank you!

Viewing 1 replies (of 1 total)

 *  Plugin Author [Tessa (they/them), AuRise Creative](https://wordpress.org/support/users/tessawatkinsllc/)
 * (@tessawatkinsllc)
 * [4 months, 4 weeks ago](https://wordpress.org/support/topic/plugin-security-risks/#post-18773037)
 * Hi, please submit security vulnerabilities to Wordfence or Patchstack.
 * Additionally, assuming the vulnerability is [this one](https://vdp.patchstack.com/database/Wordpress/Plugin/contact-form-7-dynamic-text-extension/vulnerability/wordpress-contact-form-7-dynamic-text-extension-plugin-5-0-3-content-injection-vulnerability?_s_id=cve)/
   [this one](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension-503-unauthenticated-arbitrary-shortcode-execution),
   it has been patched in version 5.0.4 yesterday. The Wordfence team is out on 
   holiday break and will return to the office on January 5th, 2026. I don’t know
   about the Patchstack team. Either way, I don’t expect them to update the report
   status until at least then.

Viewing 1 replies (of 1 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fplugin-security-risks%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/contact-form-7-dynamic-text-extension/assets/icon-256x256.
   png?rev=3019574)
 * [Contact Form 7 - Dynamic Text Extension](https://wordpress.org/plugins/contact-form-7-dynamic-text-extension/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/contact-form-7-dynamic-text-extension/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/contact-form-7-dynamic-text-extension/)
 * [Active Topics](https://wordpress.org/support/plugin/contact-form-7-dynamic-text-extension/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/contact-form-7-dynamic-text-extension/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/contact-form-7-dynamic-text-extension/reviews/)

 * 2 replies
 * 3 participants
 * Last reply from: [Tessa (they/them), AuRise Creative](https://wordpress.org/support/users/tessawatkinsllc/)
 * Last activity: [4 months, 4 weeks ago](https://wordpress.org/support/topic/plugin-security-risks/#post-18773037)
 * Status: resolved