Vulnerabilities > Vsourz > Advanced CF7 DB
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-13 | CVE-2022-45285 | Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB 1.7.2/1.9.1 Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2022-05-25 | CVE-2022-29408 | Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 4.3 |
| 2022-03-21 | CVE-2021-24905 | Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Advanced CF7 DB The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. | 8.0 |
| 2019-07-29 | CVE-2019-13571 | SQL Injection vulnerability in Vsourz Advanced CF7 DB A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. | 9.8 |