VYPR

Advanced Angular Contact Form

by WordPress

Source repositories

CVEs (3)

  • CVE-2021-24905HigMar 21, 2022
    risk 0.52cvss 8.0epss 0.01

    The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server.…

  • CVE-2025-23658HigFeb 14, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form advanced-angular-contact-form allows Reflected XSS.This issue affects Advanced Angular Contact Form: from n/a through <= 1.1.0.

  • CVE-2026-0811MedApr 8, 2026
    risk 0.28cvss 5.4epss 0.00

    The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for…