VYPR

Contact Form 7 Database Addon

by WordPress

CVEs (6)

  • CVE-2022-3634CriNov 21, 2022
    risk 0.64cvss 9.8epss 0.04

    The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection

  • CVE-2021-24144HigMar 18, 2021
    risk 0.51cvss 7.8epss 0.01

    Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.

  • CVE-2021-36886MedDec 22, 2021
    risk 0.42cvss 6.5epss 0.01

    Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).

  • CVE-2021-36885MedDec 22, 2021
    risk 0.40cvss 6.1epss 0.01

    Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).

  • CVE-2025-6740MedJul 4, 2025
    risk 0.33cvss 6.1epss 0.00

    The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-3870MedMay 2, 2024
    risk 0.28cvss 5.3epss 0.01

    The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as…