13 matches found
PT-2026-51671
Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...
WordPress GB Forms DB plugin code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A code injection vulnerability exists in the WordPress GB Forms DB plugin that originates in the gbfdbtalktofront function that accepts user input and passes it through...
CVE-2025-22345 WordPress TS Comfort DB plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tsinf TS Comfort DB ts-comfort-database allows Reflected XSS.This issue affects TS Comfort DB: from n/a through = 2.0.7...
CVE-2024-4319
CVE-2024-4319 affects the WordPress plugin Advanced Contact form 7 DB . The vulnerability is due to a missing capability check in the function vsz_cf7_export_to_excel, allowing unauthenticated attackers to download submitted form entries. Affected versions are up to and including 2.0.2 ; remediat...
CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via thi...
CVE-2022-29408
Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...
Cross site scripting
Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.compuware.jenkins:compuware-common-configuration (>=1.0.6 <=1.0.11) +83 more potentially affected by CVE-2016-3726 via org.jenkins-ci.main:jenkins-core (>=1.652 <=2.29)
org.jenkins-ci.main:jenkins-core MAVEN version =1.652, =1.0, =1.0.6, =2.0.0, =2.0, =1.0.2, =1.0.0, =0.1.0, =0.1.0, =2.30.2, =1.2.0, =1.1.0, =0.17, =1.1.7, =1.2, =1.7 and more Source cves: CVE-2016-3726 Source advisory: OSV:GHSA-RX4R-GXPC-H85X...
WordPress Advanced Contact form 7 DB plugin <= 1.8.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Krzysztof Zając in WordPress Advanced Contact form 7 DB plugin versions = 1.8.6. Solution Update the WordPress Advanced Contact form 7 DB plugin to the latest available version at least 1.8.7...
WordPress Form Store to DB plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the WordPress Form Store to DB plugin...
Sql injection
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2019-13571
CVE-2019-13571 is a SQL injection vulnerability in the WordPress plugin Vsourz Digital Advanced CF7 DB, affecting versions up to 1.6.1. The issue allows a remote attacker to execute arbitrary SQL commands on the affected site. Multiple connected sources corroborate the vulnerability details and i...
CVE-2015-1874
Cross-site request forgery CSRF vulnerability in the Contact Form DB aka CFDB and contact-form-7-to-database-extension plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the...