WP-Safety
CVE-2021-36886

Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery

mediumCross-Site Request Forgery (CSRF)
6.5
CVSS Score
6.5
CVSS Score
medium
Severity
1.2.6.1
Patched in
802d
Time to patch

Description

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
None
Confidentiality
High
Integrity
None
Availability

Technical Details

Affected versions<=1.2.5.9
PublishedNovember 12, 2021
Last updatedJanuary 22, 2024
Affected plugincontact-form-cfdb7
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/0f2c46f7-b7c9-41a5-8cf9-61a683c3922c?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database