12 matches found
WordPress GB Forms DB plugin code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code injection vulnerability exists in the WordPress GB Forms DB plugin that originates in the gbfdbtalktofront function that accepts user input and passes it through...
CVE-2025-22345 WordPress TS Comfort DB plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tsinf TS Comfort DB ts-comfort-database allows Reflected XSS. This issue affects TS Comfort DB: from n/a through <= 2.0.7...
CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via thi...
CVE-2024-4319
CVE-2024-4319 affects the WordPress plugin Advanced Contact form 7 DB. The vulnerability is due to a missing capability check in the function vsz_cf7_export_to_excel, allowing unauthenticated attackers to download submitted form entries. Affected versions are up to and including 2.0.2; remediat...
CVE-2022-29408
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...
Cross site scripting
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.compuware.jenkins:compuware-common-configuration (>=1.0.6 <=1.0.11) +83 more potentially affected by CVE-2016-3726 via org.jenkins-ci.main:jenkins-core (>=1.652 <=2.29)
org.jenkins-ci.main:jenkins-core MAVEN version =1.652, =1.0, =1.0.6, =2.0.0, =2.0, =1.0.2, =1.0.0, =0.1.0, =0.1.0, =2.30.2, =1.2.0, =1.1.0, =0.17, =1.1.7, =1.2, =1.7 and more Source cves: CVE-2016-3726 Source advisory: OSV:GHSA-RX4R-GXPC-H85X...
WordPress Advanced Contact form 7 DB plugin <= 1.8.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Krzysztof Zając in WordPress Advanced Contact form 7 DB plugin versions <= 1.8.6. Solution: Update the WordPress Advanced Contact form 7 DB plugin to the latest available version (at least 1.8.7)...
WordPress Form Store to DB plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress Form Store to DB plugin...
SQL injection
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2019-13571
CVE-2019-13571 is a SQL injection vulnerability in the WordPress plugin Vsourz Digital Advanced CF7 DB, affecting versions up to 1.6.1. The issue allows a remote attacker to execute arbitrary SQL commands on the affected site. Multiple connected sources corroborate the vulnerability details and i...
CVE-2015-1874
Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the...