Advanced Cf7 Db@* Security Vulnerabilities and Issues — Advanced Cf7 Db@* CVE List

Lucene search

VsourzAdvanced Cf7 Db*

4 matches found

CVE•added 2022/05/25 4:15 p.m.•85 views

CVE-2022-29408

Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin

6.1CVSS5.2AI score0.00273EPSS

CVE•added 2022/03/21 7:15 p.m.•83 views

CVE-2021-24905

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing ...

8CVSS8.2AI score0.00131EPSS

CVE•added 2019/07/29 6:15 p.m.•57 views

CVE-2019-13571

A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

9.8CVSS9.9AI score0.02868EPSS

CVE•added 2024/06/11 6:15 a.m.•44 views

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this ...

5.3CVSS5.5AI score0.0082EPSS