PatchSiren cyber security CVE debrief
CVE-2026-57423 Kofi Mokome CVE debrief
The CVE-2026-57423 record was published on 2026-07-13T10:16:36.317Z and has not been modified since then. It describes a Reflected Cross-site Scripting (XSS) vulnerability in the Message Filter for Contact Form 7 plugin, allowing attackers to inject malicious scripts into web pages. This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.8. The vulnerability is rated as HIGH with a CVSS score of 7.1.
- Vendor
- Kofi Mokome
- Product
- Message Filter for Contact Form 7
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Message Filter for Contact Form 7 plugin versions up to 1.6.3.8 should review and apply patches. This includes administrators and security teams responsible for maintaining and securing websites that use the affected plugin. They should prioritize patching to prevent potential unauthorized script execution.
Technical summary
A Reflected Cross-site Scripting (XSS) vulnerability exists in the Message Filter for Contact Form 7 plugin, allowing attackers to inject malicious scripts into web pages. This issue affects Message Filter for Contact Form 7 plugin versions from n/a through <= 1.6.3.8, potentially leading to unauthorized actions or data exposure. The vulnerability is rated as HIGH with a CVSS score of 7.1. Users of affected plugin versions should review and apply patches to prevent potential security risks. Administrators and security teams responsible for maintaining and securing websites that use the affected plugin should prioritize patching. Evidence from Patchstack and NVD suggests a Reflected XSS vulnerability exists in Message Filter for Contact Form 7, but details are limited, and further verification is recommended.
Defensive priority
High priority for users of affected plugin versions due to potential for unauthorized script execution.
Recommended defensive actions
- Review and apply patches for Message Filter for Contact Form 7 plugin
- Inventory and update affected plugin versions
- Monitor for suspicious activity related to Contact Form 7 usage
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
Evidence from Patchstack and NVD suggests a Reflected XSS vulnerability exists in Message Filter for Contact Form 7. However, details are limited, and further verification is recommended. The vulnerability is rated as HIGH with a CVSS score of 7.1. Affected plugin versions are from n/a through <= 1.6.3.8. Users should review and apply patches. The CVE record was published on 2026-07-13T10:16:36.317Z and has not been modified since then.
Official resources
-
CVE-2026-57423 CVE record
CVE.org
-
CVE-2026-57423 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:36.317Z and has not been modified since then.