cleantalk
Vulnerabilities and Security Researches

Database for Contact Form 7, WPforms, Elementor forms, CVE-2024-1069

CVE, Research URL

CVE-2024-1069

Home page URL

Security reports for Database for Contact Form 7, WPforms, Elementor forms

Application

Database for Contact Form 7, WPforms, Elementor forms

Published on
Jan 31, 2024
Research Description
The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.3.3.
Status
vulnerable
Previous vulnerability researches
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25080) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25079) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2022-3604) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-31212) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-33311) , Jun 07, 2024
New vulnerability
Joinchat , Aug 15, 2025
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2025-30993) , Aug 15, 2025
GMap Generator (CVE-2025-8568) , Aug 14, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-47444) , Aug 14, 2025
Easy Form Builder (CVE-2025-54678) , Aug 14, 2025