WordPress Plugin Vulnerabilities

Contact Form DB < 2.8.28 - Authenticated Cross-Site Scripting (XSS)

Description

The contact-form-7-to-database-extension WordPress plugin was affected by an authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
contact-form-7-to-database-extension
Fixed in 2.8.28

References

CVE
CVE-2015-2040
URL
https://packetstormsecurity.com/files/#130311/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
abe80ad1-c7c0-4c42-b7e9-52299f7bbbcb

Timeline

Publicly Published
2015-02-22 (about 11 years ago)
Added
2015-02-22 (about 11 years ago)
Last Updated
2021-05-12 (about 5 years ago)

Other

Published
Title
Published
2022-11-28
Title
FlyingPress < 3.9.7 - Arbitrary Settings Update to Stored XSS
Published
2024-11-28
Title
WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2025-01-06
Title
Horoscope And Tarot < 1.3.1 - Contributor+ Stored XSS
Published
2024-12-02
Title
My auctions allegro < 3.6.18 - Reflected Cross-Site Scripting
Published
2024-07-26
Title
ParityPress < 1.0.1 - Admin+ Stored XSS