Vulnerabilities > Vsourz > Advanced CF7 DB > 1.4.2

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-29408 Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.
network
vsourz CWE-79
4.3
4.3
2022-03-21 CVE-2021-24905 Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Advanced CF7 DB
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server.
network
low complexity
vsourz CWE-352
8.0
8.0
2019-07-29 CVE-2019-13571 SQL Injection vulnerability in Vsourz Advanced CF7 DB
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress.
network
low complexity
vsourz CWE-89
critical
 9.8
9.8