Vsourz

vsourz

8 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Advanced Cf7 Db

advanced_cf7_db

Cf7 Invisible Recaptcha

cf7_invisible_recaptcha

All In One Redirection

all_in_one_redirection

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37245 1Vsourz 1All In One Redirection Nov 21, 2024 Jul 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a...Show more Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Reflected XSS.This issue affects All In One Redirection: from n/a through 2.2.0.Show less
CVE-2023-28167 1Vsourz 1Cf7 Invisible Recaptcha Nov 21, 2024 Nov 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.
CVE-2023-2493 1Vsourz 1All In One Redirection Nov 21, 2024 Jul 10, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users suc...Show more The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.Show less
CVE-2022-45285 1Vsourz 1Advanced Cf7 Db Mar 24, 2025 Feb 13, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-29408 1Vsourz 1Advanced Cf7 Db Nov 21, 2024 May 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
CVE-2021-24905 1Vsourz 1Advanced Cf7 Db Nov 21, 2024 Mar 21, 2022 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authent...Show more The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.Show less
CVE-2018-21012 1Vsourz 1Cf7 Invisible Recaptcha Nov 21, 2024 Sep 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.
CVE-2019-13571 1Vsourz 1Advanced Cf7 Db Nov 21, 2024 Jul 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands...Show more A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.Show less