
55 matches found

CNVD
added 2022/11/23 12:0 a.m., 26 views

WordPress Contact Form 7 Database Addon plugin CSV Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...

CVSS 9.8, AI score 9.5, EPSS 0.03617
Exploits: 2, References: 1
OpenVAS
added 2022/11/22 12:0 a.m., 9 views

WordPress Contact Form 7 Database Addon Plugin < 1.2.6.5 CSV Injection Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 9.8, AI score 9.6, EPSS 0.03617
Exploits: 2, References: 1
OSV
added 2022/11/21 11:15 a.m., 1 views

CVE-2022-3634

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...

CVSS 9.8, AI score 5.8, EPSS 0.03617
Exploits: 2, References: 1
CNNVD
added 2022/11/21 12:0 a.m., 3 views

WordPress plugin Contact Form 7 Database Addon Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...

CVSS 9.8, AI score 7.2, EPSS 0.03617
Exploits: 2, References: 2
CVE
added 2022/11/21 12:0 a.m., 70 views

CVE-2022-3634

Affects WordPress Contact Form 7 Database Addon plugin for WordPress (versions prior to 1.2.6.5). The vulnerability arises because the plugin does not validate data when exporting to CSV, enabling CSV injection. CVSS v3.1 base score 9.8 (CRITICAL). Remediation: update to version 1.2.6.5 or later....

CVSS 9.8, AI score 9.6, EPSS 0.03617
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2022/11/21 12:0 a.m., 21 views

CVE-2022-3634 Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...

AI score 9.8, EPSS 0.03617
Exploits: 2, References: 1
Patchstack
added 2022/10/27 12:0 a.m., 15 views

WordPress Contact Form 7 Database Addon plugin <= 1.2.6.3 - CSV Injection vulnerability

CSV Injection vulnerability discovered by Adel Bouaricha in WordPress Contact Form 7 Database Addon plugin versions <= 1.2.6.3. Solution: Update the WordPress to the latest available version, at least 1.2.6.5...

CVSS 9.8, AI score 3, EPSS 0.03617
Exploits: 2, References: 1, Affected Software: 1
wpexploit
added 2022/10/27 12:0 a.m., 125 views

Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection

The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection. Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...

CVSS 9.8, AI score 0.1, EPSS 0.03617
Exploits: 2
WPVulnDB
added 2022/10/27 12:0 a.m., 16 views

Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection

The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection. PoC: Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...

CVSS 9.8, AI score 1.3, EPSS 0.03617
Exploits: 2, Affected Software: 1
OpenVAS
added 2022/05/11 12:0 a.m., 15 views

WordPress Contact Form 7 Database Addon Plugin (CFDB7) <= 1.2.5.9 CSRF Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 8.8, AI score 8.8, EPSS 0.00543
Exploits: 0, References: 1
OpenVAS
added 2022/05/11 12:0 a.m., 16 views

WordPress Contact Form 7 Database Addon Plugin (CFDB7) < 1.2.6.2 XSS Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 6.1, AI score 6.4, EPSS 0.00757
Exploits: 0, References: 1
CNVD
added 2021/12/24 12:0 a.m., 21 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-102388)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin Contact Form 7 Database Addon CFDB7...

CVSS 6.1, AI score 6, EPSS 0.00757
Exploits: 0, References: 1
OSV
added 2021/12/22 7:15 p.m., 3 views

CVE-2021-36886

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9)...

CVSS 8.8, AI score 5.8, EPSS 0.00543
Exploits: 0, References: 2
OSV
added 2021/12/22 7:15 p.m., 1 views

CVE-2021-36885

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1)...

CVSS 6.1, AI score 6.3
Exploits: 0, References: 2
NVD
added 2021/12/22 7:15 p.m., 12 views

CVE-2021-36886

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9)...

CVSS 8.8, EPSS 0.00543
Exploits: 0, References: 2
Prion
added 2021/12/22 7:15 p.m., 10 views

Cross site scripting

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1)...

CVSS 4.3, AI score 5.8, EPSS 0.00757
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2021/12/22 7:15 p.m., 15 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9)...

CVSS 6.8, AI score 8.8, EPSS 0.00543
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2021/12/22 6:6 p.m., 55 views

CVE-2021-36886

CVE-2021-36886 affects the WordPress plugin Contact Form 7 Database Addon (CFDB7) versions up to 1.2.5.9. Root cause is CSRF due to lack of token validation, enabling unauthorized actions when a logged-in user visits a malicious page. Impact is CSRF risk on sites using CFDB7

CVSS 8.8, AI score 7.6, EPSS 0.00543
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2021/12/22 6:6 p.m., 47 views

CVE-2021-36885

CFDB7 (Contact Form 7 Database Addon) WordPress plugin versions

CVSS 6.1, AI score 5.8, EPSS 0.00757
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2021/12/22 12:0 a.m., 3 views

WordPress Plugin Cross-Site Request Forgery Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Contact Form 7 Database...

CVSS 8.8, AI score 5.4, EPSS 0.00543
Exploits: 0, References: 3