Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
7.8CVSS
7.5AI Score
0.001EPSS
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon ā CFDB7 WordPress plugin (versions <= 1.2.6.1).
6.1CVSS
5.8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon ā CFDB7 WordPress plugin (versions <= 1.2.5.9).
8.8CVSS
8.8AI Score
0.001EPSS
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
9.8CVSS
9.4AI Score
0.002EPSS