54 matches found
CVE-2025-14356
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14356 Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'uacf7_get_generated_pdf' function in all versions up to, and including, 3.5.33. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-14356
CVE-2025-14356 — The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on uacf7_get_generated_pdf in all versions up to and including 3.5.33. The Wordfence report confirms authenticated users with Subscriber-level a...
EUVD-2021-23462
Malware in sbrugna...
EUVD-2021-11058
Malware in sbrugna...
WordPress Contact Form 7 Database Addon plugin <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via tmpD Parameter vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Contact Form 7 Database Addon – CFDB7 versions <= 1.3.1...
CVE-2025-6740
The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-6740 Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Parameter
The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-6740
CVE-2025-6740 concerns the WordPress plugin Contact Form 7 Database Addon (CFDB7). It is documented as vulnerable to unauthenticated stored cross-site scripting via the tmpD parameter in all versions up to and including 1.3.1, due to insufficient input sanitization and output escaping. The vulner...
WordPress plugin Contact Form 7 Database Addon Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin Contact Form...
CVE-2022-3634
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
CVE-2021-24144
Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...
CVE-2024-3870
The CVE-2024-3870 entry concerns the WordPress plugin Contact Form 7 Database Addon – CFDB7. It is vulnerable to Sensitive Information Exposure in versions up to and including 1.2.6.8 via cfdb7_before_send_mail, allowing unauthenticated attackers to extract sensitive data (e.g., PII) from files u...
CVE-2024-3870 Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable...
WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Tim Coen in WordPress Plugin Contact Form 7 Database Addon – CFDB7 versions <= 1.2.6.8...
WordPress Contact Form 7 Database Addon – CFDB7 Plugin <= 1.2.6.8 is vulnerable to Sensitive Data Exposure
Software: Contact Form 7 Database Addon – CFDB7; Type: Plugin; Vulnerable versions: <= 1.2.6.8; Fixed in: 1.2.7; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-3870; Patch priority: Low; CVSS severity: Low 5.3; PSID: b218289620d7; Credits: Ti...
WordPress Contact Form 7 Database Addon plugin CSV Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...