CVE-2026-25320

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

CVE-2025-12845 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

VulnCheck KEV: CVE-2025-12845

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

CVE-2023-36508

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Databa...

CVE-2023-36508

A vulnerability in bestweblayout Contact Form to DB by BestWebSoft contact-form-to-db.This issue affects Contact Form to DB by BestWebSoft: from n/a through = 1.7.1...

CVE-2022-2116

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

CVE-2022-2116

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

PT-2022-14892 · WordPress · Contact Form

Name of the Vulnerable Software and Affected Versions: Contact Form DB WordPress plugin versions prior to 1.8.0 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the plugin does not properly sanitise and escape some parameters before outputting them back in...

WordPress Elementor Contact Form DB plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Elementor Contact Form DB is a WordPress plugin. A cross-site request forgery vulnerability exists in the Wordpress Elementor Contact...

WordPress Plugin Contact Form DB Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed in the PHP language, which supports personal blog sites on PHP and MySQL servers.Contact Form DB also known as CFDB and contact-form-7-to-database-extension is one of the plugins that can submit the create and...