WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability - CVE-2025-3247 - Vulnerability Database

Medium
Reference: CVE-2025-3247
Title: WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability
Overview:

The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to and including 6.0.5 via the `wpcf7_stripe_skip_spam_check` function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe but the plugin sends a successful email message for each transaction which may trick an administrator into fulfilling each order.
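The defensive check this class of bug calls for, as an added illustration that is not Contact Form 7's or Stripe's code: a form handler must confirm server-side that the PaymentIntent actually succeeded for the expected amount and then bind that intent to exactly one order, so a second submission naming the same id is rejected instead of producing another order email. The `FAKE_STRIPE` table and `OrderGate` class are constructed for this example; a real handler would look the intent up through the Stripe API with the site's secret key and persist consumed ids in a database.

```python
"""Replay guard for a form that accepts a Stripe PaymentIntent id (illustrative)."""
from dataclasses import dataclass, field

# Constructed stand-in for Stripe's server-side PaymentIntent records.
FAKE_STRIPE = {
    "pi_paid_001": {"status": "succeeded", "amount": 2500},
    "pi_unpaid_002": {"status": "requires_payment_method", "amount": 2500},
}


@dataclass
class OrderGate:
    consumed: set = field(default_factory=set)      # intent ids already turned into an order
    emails_sent: list = field(default_factory=list)  # one entry per "order received" email

    def vulnerable_submit(self, intent_id: str) -> bool:
        """Weak pattern: a client-supplied id is trusted as proof of payment.
        Any submission naming a known intent triggers an order email, so one
        payment can back an unbounded number of orders."""
        if intent_id not in FAKE_STRIPE:
            return False
        self.emails_sent.append(intent_id)
        return True

    def hardened_submit(self, intent_id: str, expected_amount: int) -> bool:
        """Bind one PaymentIntent to one order: verify status and amount
        server-side, then refuse any id that has already been consumed."""
        intent = FAKE_STRIPE.get(intent_id)
        if intent is None or intent["status"] != "succeeded":
            return False                    # never paid, or unknown id
        if intent["amount"] != expected_amount:
            return False                    # paid, but not for this order
        if intent_id in self.consumed:
            return False                    # replay: same payment presented again
        self.consumed.add(intent_id)        # persist this in real code (DB, not memory)
        self.emails_sent.append(intent_id)
        return True
```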