This page lists publicly disclosed CVE vulnerabilities affecting hasthemes extensions_for_cf7 (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-24695 | Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0. | [email protected] | 4.4 | 0.32% | 2025-01-24 | 2026-06-17 |
| CVE-2024-29102 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6. | [email protected] | 7.1 | 0.33% | 2024-03-19 | 2026-06-17 |
| CVE-2023-23899 | Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. | [email protected] | 4.3 | 0.23% | 2023-02-17 | 2026-06-17 |