Lucene search

Vsourz Security Vulnerabilities

cve

CVE-2018-21012

The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.

6.1CVSS

6.4AI Score

0.001EPSS

2019-09-09 01:15 PM

cve

CVE-2019-13571

A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

9.8CVSS

9.9AI Score

0.077EPSS

2019-07-29 06:15 PM

cve

CVE-2021-24905

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing ...

8CVSS

8.1AI Score

0.001EPSS

2022-03-21 07:15 PM

cve

CVE-2022-29408

Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.

6.1CVSS

5.9AI Score

0.001EPSS

2022-05-25 04:15 PM

cve

CVE-2022-45285

Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).

6.1CVSS

6.1AI Score

0.001EPSS

2023-02-13 08:15 PM

cve

CVE-2023-2493

The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2CVSS

7.3AI Score

0.001EPSS

2023-07-10 04:15 PM

cve

CVE-2023-28167

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-12 11:15 PM