cleantalk
Vulnerabilities and Security Researches

Contact Form 7 Database Addon – CFDB7, CVE-2024-3870

CVE, Research URL

CVE-2024-3870

Home page URL

Security reports for Contact Form 7 Database Addon – CFDB7

Application

Contact Form 7 Database Addon – CFDB7

Published on
May 02, 2024
Research Description
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
Affected versions
Min -, max 1.2.7.
Status
vulnerable
Previous vulnerability researches
Contact Form 7 Database Addon – CFDB7 (CVE-2021-36885) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2021-24144) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2022-3634) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2021-36886) , Jun 07, 2024
Contact Form 7 Database Addon – CFDB7 (CVE-2024-3870) , Jun 07, 2024
New vulnerability
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! (CVE-2025-53568) , Jul 05, 2025
RD Contacto (CVE-2025-5933) , Jul 05, 2025
AiBud WP – ChatGPT, OpenAI, Content & Image Generator WordPress plugin (CVE-2025-23968) , Jul 05, 2025
WP Permalink Translator (CVE-2025-53274) , Jul 05, 2025
Soumettre.fr (CVE-2025-4654) , Jul 05, 2025