Advanced Contact form 7 DB
Moderate fix1 remedy
cpe:2.3:a:vsourz:advanced_cf7_db:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 2.0.9
Advanced Contact Form 7 DB WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
Patched
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Advanced Contact Form 7 DB plugin for WordPress, affecting all versions up to and including 2.0.9. The vulnerability arises from inadequate nonce validation in the 'vsz_cf7_save_setting_callback' function, allowing unauthenticated attackers to delete form entries by tricking a site administrator into clicking a link.
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, enabling the deletion of form entries without proper authorization.
Reproduction
To reproduce this vulnerability, an attacker must send a forged request to a WordPress site with the vulnerable plugin installed. This can be done by tricking an administrator into clicking a link that contains the necessary parameters to delete a form entry, bypassing the missing nonce validation.
Remediation
Users are advised to update the Advanced Contact Form 7 DB plugin to version 2.1.0 or later, where this vulnerability has been patched.
Added: Apr 8, 2026, 8:49 PM
Updated: Apr 8, 2026, 8:49 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
2.5exploitability
7.4remediation
7.7relevance
5.5threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.