Contact Form 7 Database Addon Security Vulnerabilities and Issues — Contact Form 7 Database Addon CVE List

Lucene search

CiphercoinContact Form 7 Database Addon

5 matches found

CVE•added 2022/11/21 11:15 a.m.•52 views

CVE-2022-3634

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection

9.8CVSS9.6AI score0.00343EPSS

CVE•added 2021/03/18 3:15 p.m.•46 views

CVE-2021-24144

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.

7.8CVSS7.5AI score0.00754EPSS

CVE•added 2021/12/22 7:15 p.m.•42 views

CVE-2021-36886

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions

8.8CVSS7.6AI score0.00112EPSS

CVE•added 2021/12/22 7:15 p.m.•36 views

CVE-2021-36885

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions

6.1CVSS5.8AI score0.0031EPSS

CVE•added 2025/07/04 12:15 p.m.•11 views

CVE-2025-6740

The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS5.8AI score0.00127EPSS