Vulnerabilities and security researches foradvanced-cf7-db advanced-cf7-db

Jun 06, 2024

CVE, Research URL: CVE-2022-29408
Home page URL: Security reports for Advanced Contact form 7 DB
Application: Advanced Contact form 7 DB
Date: May 25, 2022
Research Description: Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-13571
Home page URL: Security reports for Advanced Contact form 7 DB
Application: Advanced Contact form 7 DB
Date: Jul 29, 2019
Research Description: A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24905
Home page URL: Security reports for Advanced Contact form 7 DB
Application: Advanced Contact form 7 DB
Date: Mar 22, 2022
Research Description: The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.
Affected versions: Min -, max -.
Status: vulnerable

Jun 14, 2024

CVE, Research URL: CVE-2024-3723
Home page URL: Security reports for Advanced Contact form 7 DB
Application: Advanced Contact form 7 DB
Date: Jun 11, 2024
Research Description: The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-4319
Home page URL: Security reports for Advanced Contact form 7 DB
Application: Advanced Contact form 7 DB
Date: Jun 11, 2024
Research Description: The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.
Affected versions: Min -, max -.
Status: vulnerable

May 06, 2025

CVE, Research URL: CVE-2014-2054
Home page URL: Security reports for Advanced Contact form 7 DB
Application: Advanced Contact form 7 DB
Date: Jun 04, 2014
Research Description: PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Affected versions: Min -, max -.
Status: vulnerable