CVE-2025-6740
- EPSS 0.2%
- Veröffentlicht 04.07.2025 11:18:24
- Zuletzt bearbeitet 09.07.2025 17:42:55
The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possibl...
CVE-2022-3634
- EPSS 1.03%
- Veröffentlicht 21.11.2022 11:15:20
- Zuletzt bearbeitet 29.04.2025 17:15:35
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
CVE-2021-36885
- EPSS 0.31%
- Veröffentlicht 22.12.2021 19:15:11
- Zuletzt bearbeitet 21.11.2024 06:14:15
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).
CVE-2021-36886
- EPSS 0.11%
- Veröffentlicht 22.12.2021 19:15:11
- Zuletzt bearbeitet 21.11.2024 06:14:15
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).
CVE-2021-24144
- EPSS 0.41%
- Veröffentlicht 18.03.2021 15:15:15
- Zuletzt bearbeitet 21.11.2024 05:52:27
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.