CF7 Invisible reCaptcha <= 1.3.1 – XSS | CVE 2018-21012

Affects Plugins

Fixed in 1.3.2

References

CVE

CVE-2018-21012

URL

https://plugins.trac.wordpress.org/changeset?reponame=&new=1875446%40cf7-invisible-recaptcha&old=1866974%40cf7-invisible-recaptcha

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

No

WPVDB ID

08a9a70b-6666-4889-97b5-2c1ae1bacaea

Timeline

Publicly Published

2018-05-16 (about 7 years ago)

Added

2019-06-20 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-11-04

Title

Seriously Simple Podcasting < 3.6.0 - Reflected Cross-Site Scripting via add_query_arg Parameter

Published

2025-01-06

Title

Thim Elementor Kit < 1.2.9.1 - Contributor+ Stored XSS

Published

2019-06-29

Title

Essential Real Estate <= 1.7.1 - XSS

Published

2024-12-02

Title

Captivate Sync < 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Published

2026-04-13

Title

ShopLentor < 3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute