Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical0
High1
Medium2
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2026-02-13

CVE-2025-8280 - Contact Form 7 Captcha Plugin

The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

PLUGIN Contact Form 7 Captcha

CVE-2025-8280

MEDIUM CVSS 5.8 2025-09-12
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-2187 - Contact Form 7 Captcha Plugin

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

PLUGIN Contact Form 7 Captcha

CVE-2022-2187

MEDIUM CVSS 6.1 2022-07-17
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24565 - Contact Form 7 Captcha Plugin

The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue.

PLUGIN Contact Form 7 Captcha

CVE-2021-24565

HIGH CVSS 8.8 2021-08-23
Open Full Technical Breakdown
Scroll to top