CVE-2026-57411
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-57411, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman CF7 Views &#8211; Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views &#8211; Complete Entry Management for Contact Form 7: from n/a through <= 3.2.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
aman cf7_views to 3.2.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57411 is a Cross Site Scripting (XSS) vulnerability found in the WordPress plugin "CF7 Views – Complete Entry Management for Contact Form 7" version 3.2.2 and earlier. It is a DOM-Based XSS issue where attackers can inject malicious scripts into web pages generated by the plugin.

This vulnerability allows attackers to execute malicious scripts, such as redirects or advertisements, when visitors access the affected site.

Exploitation requires a privileged user to perform an action like clicking a malicious link or submitting a form.

Impact Analysis

This vulnerability can lead to attackers injecting malicious scripts into your website, which can execute when visitors access your site.

  • It can cause unwanted redirects to malicious or advertisement sites.
  • It may result in the compromise of user data or session hijacking.
  • The vulnerability has a CVSS score of 7.1, indicating a moderate level of danger and potential for widespread exploitation.

Users are advised to update the plugin to version 3.2.3 or later to mitigate this risk.

Detection Guidance

This vulnerability is a DOM-Based Cross-Site Scripting (XSS) in the CF7 Views plugin for WordPress. Detection typically involves monitoring for suspicious script injections or unusual behavior triggered by user interactions such as clicking links or submitting forms.

While no specific commands are provided in the resources, general detection methods include:

  • Reviewing web server logs for unusual query parameters or payloads that may contain script tags.
  • Using web vulnerability scanners that can detect XSS vulnerabilities in web applications.
  • Monitoring user activity for unexpected redirects or script execution.
  • Checking the installed version of the CF7 Views plugin to see if it is version 3.2.2 or earlier, which is vulnerable.
Mitigation Strategies

The immediate recommended step is to update the CF7 Views plugin to version 3.2.3 or later, where the vulnerability is patched.

Until the update can be applied, applying the mitigation rule provided by Patchstack to block attacks targeting this vulnerability is advised.

  • Update the CF7 Views plugin to version 3.2.3 or higher.
  • Implement the Patchstack mitigation rule to block exploit attempts.
  • Limit privileged user actions that could trigger the vulnerability, such as clicking untrusted links or submitting untrusted forms.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57411. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart