N/A
2026-01-27< 1.4.6
Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export
Database for Contact Form 7, WPforms, Elementor forms
Minimum safe version
1.5.0
Update to 1.5.0 or later to address 19 fixable vulnerabilities
Latest available1.5.0 ✓
N/A
2026-03-04< 1.4.8
Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'
N/A
2026-04-01< 1.5.0
WordPress Contact Form Entries Plugin <= 1.4.9 is vulnerable to Broken Access Control
Critical 9.8
2025-08-13< 1.4.4
Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion
High 7.2
2024-05-02< 1.3.9
CVE-2024-3715
Medium 6.4
2024-03-13< 1.3.4
CVE-2024-2030
High 7.2
2024-01-31< 1.3.3
CVE-2024-1069
Medium 6.5
2023-05-28< 1.3.1
CVE-2023-33311
High 8.5
2023-10-31< 1.3.1
CVE-2023-31212
N/A
2021-08-24< 1.2.1
Contact Form Entries – Contact Form 7, WPforms and more <= 1.2.0 - Reflected Cross-Site Scripting
N/A
2021-08-26< 1.2.2
CRM Perks - Various Plugins (Various Versions) - Reflected Cross-Site Scripting
High 7.8
2024-01-16< 1.3.0
CVE-2022-3604
N/A
< 1.2.1
Contact Form Entries < 1.2.1 - Reflected Cross-Site Scripting
N/A
< 1.2.2
Multiple Plugins from CRM Perks - Reflected Cross-Site Scripting
N/A
2021-11-14< 1.2.4
WordPress Contact Form Entries plugin <= 1.2.3 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
N/A
2021-11-14< 1.2.4
WordPress Contact Form Entries plugin <= 1.2.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
N/A
2021-11-14< 1.2.4
WordPress Contact Form Entries plugin <= 1.2.3 - Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability
Medium 6.1
2022-01-24< 1.1.7
CVE-2021-25080
Medium 6.1
2025-10-03< 1.2.4
CVE-2021-25079