VYPR

Contact Form Cfdb7

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-4665CriOct 29, 2025
    risk 0.55cvss 9.6epss 0.00

    WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin…

  • CVE-2024-3870MedMay 2, 2024
    risk 0.28cvss 5.3epss 0.01

    The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as…