Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total5
Critical1
High0
Medium4
Reset
Showing 1-5 of 5 records
Threat Entry Updated 2025-10-30

CVE-2025-4665 - Contact Form Cfdb7 Plugin

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin endpoints, allowing crafted input to influence backend queries in unexpected ways. Using specially crafted payloads, this can escalate into unsafe deserialization, enabling arbitrary object injection in PHP. Although the issue is remotely exploitable without authentication, it does require a crafted interaction with the affected endpoint in order to trigger successfully.

PLUGIN Contact Form Cfdb7

CVE-2025-4665

CRITICAL CVSS 9.6 2025-10-29
Open Full Technical Breakdown
Threat Entry Updated 2025-07-09

CVE-2025-6740 - Contact Form Cfdb7 Plugin

The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Contact Form Cfdb7

CVE-2025-6740

MEDIUM CVSS 6.1 2025-07-04
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2024-3870 - Contact Form Cfdb7 Plugin

The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.

PLUGIN Contact Form Cfdb7

CVE-2024-3870

MEDIUM CVSS 5.3 2024-05-02
Open Full Technical Breakdown
Scroll to top