Lucene search
Advanced Contact Form 7 DB Security Vulnerabilities
cve
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at...
6.1CVSS
5.9AI Score
0.001EPSS
2022-05-25 04:15 PM
61
4
cve
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing....
8CVSS
8.2AI Score
0.001EPSS
2022-03-21 07:15 PM
60