CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

Positive Technologies•added 2021/12/22 12:0 a.m.•4 views

PT-2021-21396 · WordPress · Contact Form 7 Database Addon – Cfdb7

Name of the Vulnerable Software and Affected Versions: Contact Form 7 Database Addon – CFDB7 WordPress plugin versions = 1.2.5.9 Description: A Cross-Site Request Forgery CSRF issue was found in the Contact Form 7 Database Addon – CFDB7 WordPress plugin. This type of issue allows an attacker to...

8.8CVSS8.6AI score0.00112EPSS

Exploits0References4

Positive Technologies•added 2021/12/22 12:0 a.m.•4 views

PT-2021-21395 · WordPress · Contact Form 7 Database Addon

Name of the Vulnerable Software and Affected Versions: Contact Form 7 Database Addon – CFDB7 WordPress plugin versions = 1.2.6.1 Description: The issue is related to an Unauthenticated Stored Cross-Site Scripting XSS vulnerability. Recommendations: For versions = 1.2.6.1, update to a version high...

6.1CVSS5.7AI score0.00454EPSS

Exploits0References4

CNNVD•added 2021/12/22 12:0 a.m.•2 views

WordPress 插件跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Contact Form 7 Database...

8.8CVSS5.4AI score0.00112EPSS

Exploits0References3

Patchstack•added 2021/11/12 12:0 a.m.•26 views

WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Ex.Mi Patchstack in WordPress Contact Form 7 Database Addon – CFDB7 plugin versions = 1.2.5.9. Solution Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version at least 1.2.6.1...

8.8CVSS3.6AI score0.00112EPSS

Exploits0References2Affected Software1

OpenVAS•added 2021/03/24 12:0 a.m.•16 views

WordPress Contact Form 7 Database Addon Plugin (CFDB7) < 1.2.5.8 CSV Injection Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

7.8CVSS7.8AI score0.00414EPSS

Exploits1References2

CNVD•added 2021/03/19 12:0 a.m.•7 views

Wordpress Contact Form 7 Database Addon plugin input validation error vulnerability

Wordpress Contact Form 7 Database Addon is an open source application plugin for Wordpress. This plugin is used to save Contact Form 7 submissions to your WordPress database. An input validation error vulnerability exists in versions of the Contact Form 7 Database Addon plugin prior to 1.2.5.6,...

7.8CVSS6.8AI score0.00414EPSS

Exploits1References1

OSV•added 2021/03/18 3:15 p.m.•1 views

CVE-2021-24144

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...

7.8CVSS7.2AI score

Exploits0References1

NVD•added 2021/03/18 3:15 p.m.•12 views

CVE-2021-24144

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...

7.8CVSS0.00414EPSS

Exploits1References1

Prion•added 2021/03/18 3:15 p.m.•15 views

Design/Logic Flaw

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...

6.8CVSS7.5AI score0.00414EPSS

Exploits1References1Affected Software1

CVE•added 2021/03/18 2:57 p.m.•62 views

CVE-2021-24144

The CVE-2021-24144 issue affects the WordPress plugin Contact Form 7 Database Addon (CFDB7). Unvalidated input in CFDB7 prior to version 1.2.5.6 allows injection of arbitrary formulas into CSV exports/files. Affected component: CFDB7 CSV export handling; root cause: input validation weakness lead...

7.8CVSS7.5AI score0.00414EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/03/18 2:57 p.m.•15 views

CVE-2021-24144 Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...

7.7AI score0.00414EPSS

Exploits1References1

Positive Technologies•added 2021/03/18 12:0 a.m.•4 views

PT-2021-15690 · WordPress · Contact Form 7 Database Addon

Name of the Vulnerable Software and Affected Versions: Contact Form 7 Database Addon plugin versions prior to 1.2.5.6 Description: The issue concerns unvalidated input in the Contact Form 7 Database Addon plugin, allowing remote attackers to inject arbitrary formulas into CSV files...

7.8CVSS7.5AI score0.00414EPSS

Exploits1References3

CNNVD•added 2021/03/18 12:0 a.m.•3 views

Wordpress Contact Form 7 Database Addon 注入漏洞

7.8CVSS5.9AI score0.00414EPSS

Exploits1References2

WPVulnDB•added 2021/01/25 12:0 a.m.•21 views

Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection

The plugin was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. Attackers can possibly exploit this issue to execute arbitrary commands on the victim's system, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected...

1.6AI score0.00414EPSS

Exploits1References1Affected Software1

Patchstack•added 2021/01/21 12:0 a.m.•8 views

WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.3 - Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability

Insufficient Input Sanitization Leading To Authenticated SQL Injection SQLi vulnerability found in WordPress Contact Form 7 Database Addon – CFDB7 plugin versions = 1.2.5.3. Solution Update the WordPress Contact Form 7 Database Addon – CFDB7 plugin to the latest available version at least 1.2.5.4...

3.7AI score

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by