Advanced Cf7 Db

advanced_cf7_db

Vendor: Vsourz • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45285 1Vsourz 1Advanced Cf7 Db Mar 24, 2025 Feb 13, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-29408 1Vsourz 1Advanced Cf7 Db Nov 21, 2024 May 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
CVE-2021-24905 1Vsourz 1Advanced Cf7 Db Nov 21, 2024 Mar 21, 2022 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authent...Show more The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.Show less
CVE-2019-13571 1Vsourz 1Advanced Cf7 Db Nov 21, 2024 Jul 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands...Show more A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.Show less