cleantalk
Vulnerabilities and Security Researches

Database for Contact Form 7, WPforms, Elementor forms, CVE-2022-3604

CVE, Research URL

CVE-2022-3604

Home page URL

Security reports for Database for Contact Form 7, WPforms, Elementor forms

Application

Database for Contact Form 7, WPforms, Elementor forms

Published on
Jan 16, 2024
Research Description
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.
Affected versions
max 1.2.2.
Status
vulnerable
Previous vulnerability researches
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25080) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25079) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2022-3604) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-31212) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-33311) , Jun 07, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026