🚨 New 0-day Threat Hunt Promo for the Wordfence bug bounty program! 🚨
All high threat issues in software with >= 1000 Active Installations (from pre-defined list of vulnerabilities) are considered in-scope for ALL Researchers regardless of researcher tier. Check out the in-scope bounties here!

Contact Form 7 Database Addon – CFDB7

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Contact Form 7 Database Addon – CFDB7

Information

Software Type	Plugin
Software Slug	contact-form-cfdb7 (view on wordpress.org)
Software Status	Active
Software Author	arshidkv12
Software Website	ciphercoin.com
Software Downloads	5,232,845
Software Active Installs	600,000
Software Record Last Updated	July 5, 2024

6 Vulnerabilities

Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-3870

Apr 26, 2024

Researcher: Tim Coen

Contact Form 7 Database Addon <= 1.2.6.3 - CSV Injection

7.2

CVE-2022-3634

Oct 27, 2022

Researcher: Adel Bouaricha

Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery

6.5

CVE-2021-36886

Nov 12, 2021

Researcher: RE-ALTER

Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2021-36885

Nov 12, 2021

Researcher: RE-ALTER

Contact Form 7 Database Addon <= 1.2.5.4 - CSV Injection

8.8

CVE-2021-24144

Jan 25, 2021

Researcher: SunCSR-thiennv

Contact Form 7 Database Addon <= 1.2.5.3 - SQL Injection

8.8

CVE ID Unknown

Jan 19, 2021

Researchers:

Title	Status	CVE ID	CVSS	Researchers	Date
Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure	Patched	CVE-2024-3870	5.3	Tim Coen	April 26, 2024
Contact Form 7 Database Addon <= 1.2.6.3 - CSV Injection	Patched	CVE-2022-3634	7.2	Adel Bouaricha	October 27, 2022
Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery	Patched	CVE-2021-36886	6.5	RE-ALTER	November 12, 2021
Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2021-36885	6.1	RE-ALTER	November 12, 2021
Contact Form 7 Database Addon <= 1.2.5.4 - CSV Injection	Patched	CVE-2021-24144	8.8	SunCSR-thiennv	January 25, 2021
Contact Form 7 Database Addon <= 1.2.5.3 - SQL Injection	Patched		8.8		January 19, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation