5 matches found
CVE-2024-3870 Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7beforesendmail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...
CVE-2024-3870
The CVE-2024-3870 entry concerns the WordPress plugin Contact Form 7 Database Addon – CFDB7. It is vulnerable to Sensitive Information Exposure in versions up to and including 1.2.6.8 via cfdb7_before_send_mail, allowing unauthenticated attackers to extract sensitive data (e.g., PII) from files u...
Cross site scripting
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin versions = 1.2.6.1...
CVE-2021-36886
CVE-2021-36886 affects the WordPress plugin Contact Form 7 Database Addon (CFDB7) versions up to 1.2.5.9. Root cause is CSRF due to lack of token validation, enabling unauthorized actions when a logged-in user visits a malicious page. Impact is CSRF risk on sites using CFDB7
CVE-2021-24144
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...