CVE-2014-2054

Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel)

lowDependency on Vulnerable Third-Party Component

3.7

CVSS Score

3.7

CVSS Score

low

Severity

3.9.0

Patched in

Time to patch

Description

Multiple plugins for WordPress utilize a vulnerable dependency (PHPExcel) in various versions. No vulnerabilities have been confirmed exploitable in either plugin, however, an update is still recommended for both.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

None

Confidentiality

Low

Integrity

None

Availability

Technical Details

Affected versions<=3.8.0

PublishedApril 7, 2025

Last updatedApril 7, 2025

Affected pluginwp-all-import

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/d88a5dfc-4654-4299-b5a5-2a48b3823e37?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database