vulnerability

WordPress Plugin: contact-form-cfdb7: CVE-2021-36885: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Try Surface Command
Back to search
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Nov 12, 2021
Added
May 15, 2025
Modified
Jul 10, 2025

Description

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions less than or equal to 1.2.6.1).

Solution

contact-form-cfdb7-plugin-cve-2021-36885

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today