CVE-2025-12845
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...
CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3...
CVE-2026-25320
CVE-2026-25320 concerns a Missing Authorization vulnerability in the WordPress plugin sb-elementor-contact-form-db (Elementor Contact Form DB), affected versions:
WordPress plugin Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20690
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3...
WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by You Ludwig in WordPress Plugin Elementor Contact Form DB versions <= 2.1.3...
EUVD-2015-2153
Malware in sbrugna...
EUVD-2014-7018
Malware in sbrugna...
CVE-2022-2116
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...
CVE-2023-36508
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Databa...
WordPress Contact Form DB Divi Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form DB Divi; Type: Plugin; Vulnerable versions: < 1.2; Fixed in: 1.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 7b57e95fddc1; Credits: Rafie Muhammad Patchstack Require...
Cross site scripting
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...
CVE-2022-2116 Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...
CVE-2022-2116
CVE-2022-2116 affects the WordPress plugin Elementor Contact Form DB prior to version 1.8.0. The root cause is insufficient sanitisation/escaping of certain parameters when echoed back in HTML attributes, leading to a Reflected Cross-Site Scripting vulnerability. The exposed impact is a client-si...
WordPress plugin Contact Form DB cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Elementor Contact Form DB <= 1.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by ZhongFu Su (aka JrXnm, WuHan University) in WordPress Elementor Contact Form DB versions <= 1.7. Solution: Update the WordPress Elementor Contact Form DB plugin to the latest available version (at least 1.8)...
Elementor Contact Form DB < 1.6 - Unauthenticated & Unauthorised Form Submissions Export
The sbelemcfddownloadcsv function, registered as an admin_init hook, does not have capability and CSRF checks, allowing unauthenticated attackers to download arbitrary form submissions as a CSV. The data will include PII such as email addresses. A CSRF check was added, but no capability one, so the...
CVE-2021-3133
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages...
CVE-2021-3133
The CVE-2021-3133 entry concerns the WordPress Elementor Contact Form DB plugin (versions prior to 1.6). The vulnerability is CSRF against backend admin pages due to insufficient request validation, enabling an attacker to induce logged-in admins to perform unintended actions (e.g., changing plug...