WordPress Plugin Vulnerabilities

Contact Form DB <= 2.8.17 - Reflected XSS in Admin Area

Description

The contact-form-7-to-database-extension WordPress plugin was affected by a Reflected XSS in Admin Area security vulnerability.

Affects Plugins

Plugin icon
contact-form-7-to-database-extension
Fixed in 2.8.18

References

URL
https://web.archive.org/web/20160314064820/https://software-talk.org/blog/2014/11/reflected-xss-in-wordpress-contact-form-db-plugin/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Tim Coen
Verified
No
WPVDB ID
2bd383fd-60c3-4a32-9530-6eea7db04473

Timeline

Publicly Published
2014-11-26 (about 11 years ago)
Added
2014-11-26 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-06-07
Title
Recipe Card Blocks Lite < 3.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via 'summary' and 'notes'
Published
2025-06-05
Title
AppBanners <= 1.5.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-06-06
Title
Social Sharing Plugin – Sassy Social Share < 3.3.76 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter
Published
2025-01-16
Title
Gateway for Pasargad Bank <= 2.5.2 - Reflected Cross-Site Scripting
Published
2025-06-02
Title
Popup Maker < 1.20.5 - Contributor+ Stored XSS via popupID Parameter