Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-07-11
CVE-2024-10084 - Dynamic Text Extension Plugin
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own.
PLUGIN
Dynamic Text Extension
CVE-2024-10084
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6630 - Dynamic Text Extension Plugin
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.
PLUGIN
Dynamic Text Extension
CVE-2023-6630
Risk Score