PT-2021-15690 · WordPress · Contact Form 7 Database Addon
Suncsr-Thiennv
+1
·
Published
2021-03-18
·
Updated
2022-11-14
·
CVE-2021-24144
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Contact Form 7 Database Addon plugin versions prior to 1.2.5.6
Description:
The issue concerns unvalidated input in the Contact Form 7 Database Addon plugin, allowing remote attackers to inject arbitrary formulas into CSV files.
Recommendations:
For versions prior to 1.2.5.6, update to version 1.2.5.6 or later to resolve the issue.
Fix
Special Elements Injection
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Contact Form 7 Database Addon