cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Database Addon – CFDB7, CVE-2022-3634

CVE, Research URL

CVE-2022-3634

Home page URL

Security reports for Contact Form 7 Database Addon – CFDB7

Application

Contact Form 7 Database Addon – CFDB7

Published on
Nov 21, 2022
Research Description
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
Affected versions
max 1.2.5.4.
Status
vulnerable
Previous vulnerability researches
Contact Form 7 Database Addon – CFDB7 (CVE-2021-36885) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2021-24144) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2022-3634) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2021-36886) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2024-3870) , Jun 07, 2024
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025