Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Spam Protect for Contact Form 7

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2026-1540
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.10% / 28.45%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 06:00
Updated-03 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header

Action-Not Available
Vendor-Unknown
Product-Spam Protect for Contact Form 7
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-32496
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.22%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-30 Mar, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue affects Spam Protect for Contact Form 7: from n/a through <= 1.2.9.

Action-Not Available
Vendor-NYSL
Product-Spam Protect for Contact Form 7
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')