WordPress Plugin Vulnerabilities

Contact Form DB < 2.8.32 - Cross-Site Request Forgery (CSRF)

Description

The contact-form-7-to-database-extension WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
contact-form-7-to-database-extension
Fixed in 2.8.32

References

CVE
CVE-2015-1874
URL
https://packetstormsecurity.com/files/#130654/
URL
https://advisories.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
f781f36d-8760-4e53-8dd3-7cfba1d21ee2

Timeline

Publicly Published
2015-03-04 (about 11 years ago)
Added
2015-03-05 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-12-15
Title
CWW Companion < 1.3.3 - Cross-Site Request Forgery
Published
2025-04-09
Title
Windows Live Writer <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-12-12
Title
Onlywire Multi Autosubmitter <= 1.2.4 - Cross-Site Request Forgery to Cross-Site Scripting
Published
2023-10-03
Title
WP Power Stats <= 2.2.3 - CSRF
Published
2021-03-01
Title
Style Kits < 1.8.1 - Cross-Site Request Forgery