PatchSiren cyber security CVE debrief
CVE-2026-23970 Themeisle CVE debrief
CVE-2026-23970 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in Redirection for Contact Form 7 plugin versions <= 3.2.8. The vulnerability has a CVSS score of 7.1.
- Vendor
- Themeisle
- Product
- Redirection for Contact Form 7
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Redirection for Contact Form 7 plugin versions <= 3.2.8 should apply patches or mitigations to prevent exploitation.
Technical summary
CVE-2026-23970 is a Cross Site Scripting (XSS) vulnerability in Redirection for Contact Form 7 plugin versions <= 3.2.8. The vulnerability is rated HIGH with a CVSS score of 7.1.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates for Redirection for Contact Form 7 plugin to version > 3.2.8
- Review and restrict user input to prevent XSS attacks
Evidence notes
Vendor and product information is not confirmed. The vulnerability was reported by Patchstack.
Official resources
-
CVE-2026-23970 CVE record
CVE.org
-
CVE-2026-23970 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-23970 was published on 2026-06-15T21:16:40.033Z and modified on 2026-06-15T21:24:32.790Z.