23 matches found
CVE-2025-4665
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...
CVE-2025-4665
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...
WordPress plugin Contact Form CFDB7 security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...
CVE-2025-4665
Summary: WordPress plugin Contact Form CFDB7, affected versions up to 1.3.2, suffers a pre-authentication SQL injection that cascades into insecure deserialization (PHP Object Injection). Root cause: insufficient input validation in plugin endpoints allows crafted payloads to influence backend qu...
CVE-2025-4665
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...
CVE-2025-4665
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...
EUVD-2021-23461
Malware in sbrugna...
CVE-2025-22351
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in penguinarts Contact Form 7 Database – CFDB7 advanced-cf7-database allows SQL Injection.This issue affects Contact Form 7 Database – CFDB7: from n/a through = 1.0.0...
CVE-2025-22351 WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PenguinArts Contact Form 7 Database – CFDB7 allows SQL Injection.This issue affects Contact Form 7 Database – CFDB7: from n/a through 1.0.0...
CVE-2025-22351 WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in penguinarts Contact Form 7 Database – CFDB7 advanced-cf7-database allows SQL Injection.This issue affects Contact Form 7 Database – CFDB7: from n/a through = 1.0.0...
WordPress plugin Contact Form 7 Database – CFDB7 SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Contact Form 7 Database - ...
CVE-2024-3870
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7beforesendmail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...
CVE-2024-3870
The CVE-2024-3870 entry concerns the WordPress plugin Contact Form 7 Database Addon – CFDB7. It is vulnerable to Sensitive Information Exposure in versions up to and including 1.2.6.8 via cfdb7_before_send_mail, allowing unauthenticated attackers to extract sensitive data (e.g., PII) from files u...
WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7 Database (CFDB7) Plugin plugin < 0.6.7 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7 Database CFDB7 Plugin plugin versions 0.6.7. Solution Update the WordPress Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2021-102389)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Contact Form 7 Database...
CVE-2021-36886
Cross-Site Request Forgery CSRF vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin versions = 1.2.5.9...
CVE-2021-36885
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin versions = 1.2.6.1...
CVE-2021-36886 WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin versions = 1.2.5.9...
CVE-2021-36886
CVE-2021-36886 affects the WordPress plugin Contact Form 7 Database Addon (CFDB7) versions up to 1.2.5.9. Root cause is CSRF due to lack of token validation, enabling unauthorized actions when a logged-in user visits a malicious page. Impact is CSRF risk on sites using CFDB7
CVE-2021-36885
CFDB7 (Contact Form 7 Database Addon) WordPress plugin versions