Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46252

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.

Published

2025-04-22T10:15:19.970

Last Modified

2025-04-30T15:10:04.440

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kofimokome	message_filter_for_contact_form_7	< 1.6.3.3	Yes

References

https://patchstack.com/database/wordpress/plugin/cf7-message-filter/vulnerability/wordpress-message-filter-for-contact-form-7-plugin-1-6-3-2-sql-injection-vulnerability?_s_id=cve Third Party Advisory ([email protected])