Vsourz Advanced Cf7 Db vulnerabilities
4 known vulnerabilities affecting vsourz/advanced_cf7_db.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2019-13571P2CRITICALCVSS 9.8≤ 1.6.12019-07-29
CVE-2019-13571 [CRITICAL] CWE-89 CVE-2019-13571: A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
nvd
CVE-2021-24905P3HIGHCVSS 8.0fixed in 1.8.72022-03-21
CVE-2021-24905 [HIGH] CWE-863 CVE-2021-24905: The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF ch
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPres
nvd
CVE-2022-45285P4MEDIUMCVSS 6.1v1.7.2v1.9.12023-02-13
CVE-2022-45285 [MEDIUM] CWE-79 CVE-2022-45285: Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scrip
Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).
nvd
CVE-2022-29408P4MEDIUMCVSS 6.1≤ 1.8.72022-05-25
CVE-2022-29408 [MEDIUM] CWE-79 CVE-2022-29408: Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB p
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
nvd