Security Advisory

CVE-2025-8280

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-12 06:00:06

Last updated 2025-09-12 16:22:30

Assigner WPScan

State PUBLISHED

Description

The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER[REQUEST_URI] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

← Browse all CVEs View on cve.org ↗