Vulnerabilities and security researches forcontact-form-cfdb7 contact-form-cfdb7

Jun 07, 2024

CVE, Research URL: CVE-2021-36885
Home page URL: Security reports for Contact Form 7 Database Addon – CFDB7
Application: Contact Form 7 Database Addon – CFDB7
Date: Dec 23, 2021
Research Description: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24144
Home page URL: Security reports for Contact Form 7 Database Addon – CFDB7
Application: Contact Form 7 Database Addon – CFDB7
Date: Mar 18, 2021
Research Description: Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-3634
Home page URL: Security reports for Contact Form 7 Database Addon – CFDB7
Application: Contact Form 7 Database Addon – CFDB7
Date: Nov 21, 2022
Research Description: The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-36886
Home page URL: Security reports for Contact Form 7 Database Addon – CFDB7
Application: Contact Form 7 Database Addon – CFDB7
Date: Dec 23, 2021
Research Description: Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-3870
Home page URL: Security reports for Contact Form 7 Database Addon – CFDB7
Application: Contact Form 7 Database Addon – CFDB7
Date: May 02, 2024
Research Description: The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
Affected versions: Min -, max -.
Status: vulnerable

Jul 05, 2025

CVE, Research URL: CVE-2025-6740
Home page URL: Security reports for Contact Form 7 Database Addon – CFDB7
Application: Contact Form 7 Database Addon – CFDB7
Date: Jul 04, 2025
Research Description: The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable