vsourz advanced_cf7_db CVE Vulnerabilities (4)

CVEs: 4 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting vsourz advanced_cf7_db (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2022-45285 Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). [email protected] 6.1 0.50% 2023-02-13 2026-06-17
CVE-2022-29408 Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. [email protected] 4.7 0.66% 2022-05-25 2026-06-17
CVE-2021-24905 The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users. [email protected] 8.0 0.72% 2022-03-21 2026-06-16
CVE-2019-13571 A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. [email protected] 9.8 4.00% 2019-07-29 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence