Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total6
Critical0
High1
Medium5
Reset
Showing 1-6 of 6 records
Threat Entry Updated 2026-04-08

CVE-2026-0811 - Advanced Cf7 Db Plugin

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for unauthenticated attackers to delete form entry via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Advanced Cf7 Db

CVE-2026-0811

MEDIUM CVSS 5.4 2026-04-08
Open Full Technical Breakdown
Threat Entry Updated 2026-04-08

CVE-2026-0814 - Advanced Cf7 Db Plugin

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export form submissions to excel file.

PLUGIN Advanced Cf7 Db

CVE-2026-0814

MEDIUM CVSS 4.3 2026-04-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-4319 - Advanced Cf7 Db Plugin

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.

PLUGIN Advanced Cf7 Db

CVE-2024-4319

MEDIUM CVSS 5.3 2024-06-11
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-3723 - Advanced Cf7 Db Plugin

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.

PLUGIN Advanced Cf7 Db

CVE-2024-3723

MEDIUM CVSS 5.3 2024-06-11
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24905 - Advanced Cf7 Db Plugin

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.

PLUGIN Advanced Cf7 Db

CVE-2021-24905

HIGH CVSS 8.0 2022-03-21
Open Full Technical Breakdown
Scroll to top