CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-8280

The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.6%

CVSS Severity

CVSS v3 Score 5.8

References

https://wpscan.com/vulnerability/f8370026-6293-4814-961f-c254ee8e844d/

Products affected by CVE-2025-8280

Iambriansreed » Contact Form 7 Recaptcha » Version: 1.0.0

cpe:2.3:a:iambriansreed:contact_form_7_recaptcha:1.0.0
Iambriansreed » Contact Form 7 Recaptcha » Version: 1.1.0

cpe:2.3:a:iambriansreed:contact_form_7_recaptcha:1.1.0
Iambriansreed » Contact Form 7 Recaptcha » Version: 1.2.0

cpe:2.3:a:iambriansreed:contact_form_7_recaptcha:1.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-8280

Products

Pricing

Contact Us