Database Addon for Contact Form 7 – CFDB7

Vulnerabilities 10Slug contact-form-cfdb7Latest version 1.3.6WordPress.org →

Minimum safe version

1.3.2

Update to 1.3.2 or later to address 9 fixable vulnerabilities

Latest available1.3.6 ✓Affected up to1.3.2 ⚠

Critical 9.6

2025-10-28≤ 1.3.2

CVE-2025-4665

EUVD CVE

Medium 6.1

2025-07-07< 1.3.2

WordPress Contact Form 7 Database Addon – CFDB7 Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Patchstack EUVD Wordfence CVE

Medium 5.3

2024-05-02< 1.2.7

CVE-2024-3870

CVE Patchstack Wordfence

N/A

2021-01-19< 1.2.5.4

Contact Form 7 Database Addon <= 1.2.5.3 - SQL Injection

Wordfence

N/A

< 1.2.5.4

Contact Form 7 Database Addon < 1.2.5.4 - Authenticated SQL Injections

WPScan

Critical 9.8

2022-11-21< 1.2.6.5

CVE-2022-3634

CVE Patchstack Wordfence WPScan

N/A

2021-01-21< 1.2.5.4

WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.3 - Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability

Patchstack

High 7.8

2021-03-18< 1.2.5.6

CVE-2021-24144

CVE Wordfence WPScan

Medium 6.5

2021-12-22< 1.2.6.1

CVE-2021-36886

CVE Patchstack Wordfence WPScan

Medium 6.1

2021-12-22< 1.2.6.2

CVE-2021-36885

CVE Patchstack Wordfence WPScan