cleantalk
Vulnerabilities and Security Researches

Database for Contact Form 7, WPforms, Elementor forms, CVE-2021-25080

CVE, Research URL

CVE-2021-25080

Home page URL

Security reports for Database for Contact Form 7, WPforms, Elementor forms

Application

Database for Contact Form 7, WPforms, Elementor forms

Published on
Jan 24, 2022
Research Description
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry
Affected versions
Min -, max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25080) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25079) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2022-3604) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-31212) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-33311) , Jun 07, 2024
New vulnerability
12 Step Meeting List (CVE-2025-54054) , Aug 15, 2025
Joinchat , Aug 15, 2025
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2025-30993) , Aug 15, 2025
GMap Generator (CVE-2025-8568) , Aug 14, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-47444) , Aug 14, 2025