VYPR

Contact Form Advanced Database

by WordPress

CVEs (1)

  • CVE-2021-24790MedDec 13, 2021
    risk 0.28cvss 4.3epss 0.00

    The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to…