CVE-2014-7139

CVE-2014-7139 documents two XSS vulnerabilities in the WordPress plugin Contact Form DB (aka CFDB/contact-form-7-to-database-extension) up to version 2.8.13. The root cause is insufficient sanitization in the CF7DBPluginShortCodeBuilder page, allowing an attacker to craft GET parameters (form and...

CVE-2015-1874

CVE-2015-1874 affects the WordPress plugin Contact Form DB (CFDB / contact-form-7-to-database-extension) up to version 2.8.31 (before 2.8.32). The vulnerability is a CSRF flaw that allows an attacker to hijack an authenticated administrator’s session to perform a privileged action: deleting all r...

CVE-2015-2040

CVE-2015-2040 describes a cross-site scripting (XSS) vulnerability in the WordPress plugin Contact Form DB (CFDB / contact-form-7-to-database-extension) version 2.8.26. The issue allows remote attackers to inject arbitrary script/HTML via the submit_time parameter on the CF7DBPluginSubmissions pa...