Contact Form 7 Captcha Project Contact Form 7 Captcha — known CVE vulnerabilities
Every CVE whose affected-product data names Contact Form 7 Captcha Project Contact Form 7 Captcha, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-24565 — CVSS 8.8 (high): The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker…
CVE-2022-2187 — CVSS 6.1 (medium): The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in…