WordPress · Contact Form 7 Database Addon · CVE-2021-24144
Name of the Vulnerable Software and Affected Versions:
Contact Form 7 Database Addon plugin versions prior to 1.2.5.6
Description:
The issue concerns unvalidated input in the Contact Form 7 Database Addon plugin, allowing remote attackers to inject arbitrary formulas into CSV files.
Recommendations:
For versions prior to 1.2.5.6, update to version 1.2.5.6 or later to resolve the issue.