VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 3 known issues Latest disclosed Jul 07, 2025

Pay with Contact Form 7 Vulnerabilities

Review known vulnerability records for the WordPress plugin Pay with Contact Form 7 (`pay-with-contact-form-7`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-52777, CVE-2025-24772 and CVE-2025-32126, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
3
High or Critical
0
Patch Coverage
100%
Last Updated
Jul 17, 2025
Priority CVE Quick Links

Fast paths into Pay with Contact Form 7 CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
3
CVE-2025-52777 Medium No patch listed
CVE-2025-52777 Pay with Contact Form 7 Cross-Site Scripting

Pay with Contact Form 7 <= 1.0.4 - Reflected Cross-Site Scripting

CVE-2025-32126 Medium No patch listed
CVE-2025-32126 Pay with Contact Form 7 SQL Injection

Pay with Contact Form 7 <= 1.0.4 - Authenticated (Administrator+) SQL Injection

CVE-2025-24772 Medium No patch listed
CVE-2025-24772 Pay with Contact Form 7 Cross-Site Request Forgery

Pay with Contact Form 7 <= 1.0.4 - Cross-Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Pay with Contact Form 7 so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
3 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-52777, CVE-2025-24772 and CVE-2025-32126
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Pay with Contact Form 7

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2025-52777
CVE-2025-52777: Pay with Contact Form 7 <= 1.0.4 - Reflected Cross-Site Scripting

The Pay with Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sc...

Published
Jul 07, 2025
Patched Release
Not published
Affected Versions
Versions up to 1.0.4
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-52777 Report Open CVE Reference
Plugin Medium Patched: No CVE-2025-24772
CVE-2025-24772: Pay with Contact Form 7 <= 1.0.4 - Cross-Site Request Forgery

The Pay with Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unautho...

Published
Jun 05, 2025
Patched Release
Not published
Affected Versions
Versions up to 1.0.4
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-24772 Report Open CVE Reference
Plugin Medium Patched: No CVE-2025-32126
CVE-2025-32126: Pay with Contact Form 7 <= 1.0.4 - Authenticated (Administrator+) SQL Injection

The Pay with Contact Form 7 plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...

Published
Apr 04, 2025
Patched Release
Not published
Affected Versions
Versions up to 1.0.4
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-32126 Report Open CVE Reference