Message Filter for Contact Form 7

Vulnerabilities 7Slug cf7-message-filterLatest version 1.6.3.8WordPress.org →

Minimum safe version

1.6.33

Update to 1.6.33 or later to address 7 fixable vulnerabilities

Latest available1.6.3.8 ✗

Medium 6.1

2026-05-01< 1.6.3.3

CVE-2024-13362

High 7.2

2025-04-22< 1.6.33

CVE-2025-46252

Medium 6.3

2024-12-09< 1.6.3.1

CVE-2024-54254

Medium 4.3

2024-12-07< 1.6.3.1

CVE-2024-12026

Medium 4.3

2024-12-06< 1.6.3.1

CVE-2024-12027

High 7.1

2024-08-01< 1.6.2

CVE-2024-39647

N/A

2023-07-19< 1.4.3

WordPress Message Filter for Contact Form 7 Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)