cleantalk
Vulnerabilities and Security Researches

Advanced Contact form 7 DB, CVE-2026-0811

CVE, Research URL

CVE-2026-0811

Home page URL

Security reports for Advanced Contact form 7 DB

Application

Advanced Contact form 7 DB

Published on
Apr 09, 2026
Research Description
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for unauthenticated attackers to delete form entry via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.1.0.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
New vulnerability
Conditional Menus (CVE-2026-1032) , Apr 14, 2026
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2026-2559) , Apr 14, 2026
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2026-3090) , Apr 14, 2026
App Builder – Create Native Android & iOS Apps On The Flight (CVE-2026-2375) , Apr 14, 2026
Doofinder WP & WooCommerce Search (CVE-2026-39542) , Apr 14, 2026