Lucene search
K

43 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.5 views

CVE-2025-12845

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

8.8CVSS5.5AI score0.00356EPSS
Exploits0References1
CVE
CVE
added 2026/02/19 8:26 a.m.10 views

CVE-2026-25320

CVE-2026-25320 concerns a Missing Authorization vulnerability in the WordPress plugin sb-elementor-contact-form-db (Elementor Contact Form DB) for Elementor Contact Form DB, affected versions:

5.3CVSS5.4AI score0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:26 a.m.31 views

CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

5.3CVSS0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 8:26 a.m.4 views

CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

5.3CVSS5.4AI score0.00272EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20690

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through = 2.1.3...

5.4AI score0.00272EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/28 2:57 p.m.6 views

WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by You Ludwig in WordPress Plugin Elementor Contact Form DB versions = 2.1.3...

5.3CVSS5.4AI score0.00272EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-2153

Malware in sbrugna...

4.3CVSS6.3AI score0.01633EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-7018

Malware in sbrugna...

4.3CVSS6.1AI score0.02041EPSS
Exploits3References7
RedhatCVE
RedhatCVE
added 2025/05/22 11:39 p.m.4 views

CVE-2022-2116

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS6.8AI score0.0051EPSS
Exploits2References1
OSV
OSV
added 2023/10/31 3:15 p.m.4 views

CVE-2023-36508

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Databa...

9.8CVSS7.3AI score0.00716EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.13 views

WordPress Contact Form DB Divi Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form DB Divi Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7b57e95fddc1 Credits Rafie Muhammad Patchstack Require...

6.2AI score0.00284EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/08/15 11:20 a.m.19 views

Cross site scripting

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

5.8CVSS6.1AI score0.0051EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/08/15 8:35 a.m.21 views

CVE-2022-2116 Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

6.2AI score0.0051EPSS
Exploits2References1
CVE
CVE
added 2022/08/15 8:35 a.m.61 views

CVE-2022-2116

CVE-2022-2116 affects the WordPress plugin Elementor Contact Form DB prior to version 1.8.0. The root cause is insufficient sanitisation/escaping of certain parameters when echoed back in HTML attributes, leading to a Reflected Cross-Site Scripting vulnerability. The exposed impact is a client-si...

6.1CVSS6AI score0.0051EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/08/15 12:0 a.m.3 views

WordPress plugin Contact Form DB 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS5.8AI score0.0051EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/07/19 12:0 a.m.25 views

WordPress Elementor Contact Form DB <= 1.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by ZhongFu Su aka JrXnm WuHan University in WordPress Elementor Contact Form DB versions = 1.7. Solution Update the WordPress Elementor Contact Form DB plugin to the latest available version at least 1.8...

6.1CVSS2AI score0.0051EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/13 12:0 a.m.9 views

Elementor Contact Form DB < 1.6 - Unauthenticated & Unauthorised Form Submissions Export

The sbelemcfddownloadcsv function, registered as an admininit hook does not have capability and CSRF checks, allowing unauthenticated attackers to download arbitrary form submissions as a CSV. The data will include PII such as email addresses. A CSRF check was added, but no capability one, so the...

2.2AI score
Exploits0References1Affected Software1
OSV
OSV
added 2021/01/12 7:15 p.m.4 views

CVE-2021-3133

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages...

6.5CVSS6.6AI score0.009EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/01/12 6:57 p.m.27 views

CVE-2021-3133

The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages...

6.8AI score0.009EPSS
Exploits1References3
Rows per page
Query Builder