3 matches found
CVE-2026-0811 Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...
CVE-2026-0811
CVE-2026-0811 affects the Advanced Contact Form 7 DB WordPress plugin, vulnerable in all versions up to 2.0.9 due to missing/incorrect nonce validation in vsz_cf7_save_setting_callback, enabling CSRF-based deletion of form entries. Attack requires an administrator action (e.g., clicking a link) t...
CVE-2026-0811 Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vszcf7savesettingcallback' function. This makes it possible for unauthenticated attackers to...