Vulnerabilities > Vsourz

DATE CVE VULNERABILITY TITLE RISK
2023-11-12 CVE-2023-28167 Cross-Site Request Forgery (CSRF) vulnerability in Vsourz CF7 Invisible Recaptcha
Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.
network
low complexity
vsourz CWE-352
8.8
2023-07-10 CVE-2023-2493 Unspecified vulnerability in Vsourz ALL in ONE Redirection
The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
network
low complexity
vsourz
7.2
2023-02-13 CVE-2022-45285 Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB 1.7.2/1.9.1
Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
vsourz CWE-79
6.1
2022-05-25 CVE-2022-29408 Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
network
vsourz CWE-79
4.3
2022-03-21 CVE-2021-24905 Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Advanced CF7 DB
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server.
network
low complexity
vsourz CWE-352
8.0
2019-09-09 CVE-2018-21012 Cross-site Scripting vulnerability in Vsourz CF7 Invisible Recaptcha
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.
network
low complexity
vsourz CWE-79
6.1
2019-07-29 CVE-2019-13571 SQL Injection vulnerability in Vsourz Advanced CF7 DB
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress.
network
low complexity
vsourz CWE-89
critical
9.8