Contact Form 7 Database Addon < 1.2.6.5 – CSV Injection | CVE 2022-3634

Affects Plugins

contact-form-cfdb7

Fixed in 1.2.6.5

References

CVE

CVE-2022-3634

Classification

Type

CSV INJECTION

OWASP top 10

A1: Injection

CWE

CWE-1236

CVSS

2.2 (low)

Miscellaneous

Original Researcher

VirtualSamurai

Submitter

VirtualSamurai

Submitter website

https://brainshell.net

Submitter twitter

https://twitter.com/virtualsamuraii

Verified

Yes

WPVDB ID

b5eeefb0-fb5e-4ca6-a6f0-67f4be4a2b10

Timeline

Publicly Published

2022-10-27 (about 3 years ago)

Added

2022-10-27 (about 3 years ago)

Last Updated

2023-05-19 (about 2 years ago)

Other

Published

Title

Published

2022-11-29

Title

WP CSV Exporter < 1.3.7 - CSV Injection

Published

2022-08-16

Title

Affiliates Manager < 2.9.14 - Affiliate CSV Injection

Published

2025-11-17

Title

Simple User Import Export <= 1.1.7 - Authenticated (Admin+) CSV Injection

Published

2022-11-17

Title

ProfileGrid < 5.1.8 - Subscriber+ CSV Injection

Published

2020-12-18

Title

Ultimate SMS Notifications for WooCommerce < 1.4.2 - CSV Injection