CVE-2026-0811 Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...

CVE-2026-0814 Advanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vszcf7exporttoexcel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

WordPress plugin Advanced Contact form 7 DB 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Advanced Contact form 7 DB 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Advanced Contact form 7 DB plugin <= 2.0.2 - Sensitive Information Exposure vulnerability

Sensitive Information Exposure vulnerability discovered by Tim Coen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.2...

EUVD-2022-33746

Malicious code in bioql PyPI...

EUVD-2024-43962

Malicious code in bioql PyPI...

CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via thi...

CVE-2024-3723

CVE-2024-3723 affects the WordPress plugin Advanced Contact form 7 DB . Public details confirm a vulnerability in versions up to and including 2.0.2 that allows unauthenticated attackers to exfiltrate data uploaded via a form through the directory wp-content/uploads/advanced-cf7-upload . Affected...

CVE-2024-4319

CVE-2024-4319 affects the WordPress plugin Advanced Contact form 7 DB . The vulnerability is due to a missing capability check in the function vsz_cf7_export_to_excel, allowing unauthenticated attackers to download submitted form entries. Affected versions are up to and including 2.0.2 ; remediat...

WordPress plugin Advanced Contact form 7 DB security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin Advanced Contact form 7 DB security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2022-45285

Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting XSS...

Wordpress plugin Advanced Contact form 7 DB 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2022-29408

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

CVE-2022-29408

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

Cross site scripting

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

CVE-2022-29408

The CVE-2022-29408 entry concerns Vsourz Digital’s WordPress plugin Advanced Contact form 7 DB (&lt;= 1.8.7). Connected sources confirm a persistent (stored) Cross-Site Scripting (XSS) vulnerability, caused by insufficient sanitization/escaping of a parameter in the plugin’s form handling, enabli...

CVE-2022-29408

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

WordPress plugin Advanced Contact form 7 DB 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability ...