CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability

Unauthenticated PHP Object Injection via 'downloadcsv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions = 1.4.7...

CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

PT-2026-23447

Name of the Vulnerable Software and Affected Versions The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.7 Description The plugin is susceptible to PHP Object Injection due to deserialization of untrusted input within the download csv...

WordPress plugin Database for Contact Form 7, WPforms, Elementor forms 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

Pimcore Local File Inclusion Vulnerability

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore. The...

Arbitrary file deletion

This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class bundles/AdminBundle/Controller/Reports/CustomReportController.php. An authenticated user can reach this function with a GET...