WordPress Plugin Vulnerabilities

Contact Form 7 <= 3.7.1 - CAPTCHA Bypass

Description

The Contact Form 7 WordPress plugin was affected by a CAPTCHA Bypass security vulnerability.

Affects Plugins

Plugin icon
contact-form-7
Fixed in 3.7.2

References

CVE
CVE-2014-2265

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Verified
No
WPVDB ID
3020e3f1-162f-48f9-ace3-7ba1c7c6b164

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-08-09
Title
WooCommerce - Social Login < 2.7.6 - Authentication Bypass to Account Takeover
Published
2018-09-10
Title
UserPro <= 4.9.27 - User Registration With Administrator Role
Published
2020-04-08
Title
Klarna Checkout for WooCommerce < 2.0.10 - Authenticated Arbitrary Plugin Deactivation, Activation and Installation
Published
2025-11-21
Title
Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation
Published
2023-08-08
Title
FULL - Customer < 2.3 - Subscriber+ Health Check Disclosure