MidnightBSD

Advisories for ciphercoin

CVE-2015-6829 HIGH

Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
ciphercoin wp_limit_login_attempts *
CVE-2021-24144 MEDIUM

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-1236,

Products Affected

Vendor Product Version
ciphercoin contact_form_7_database_addon *
CVE-2021-36885 MEDIUM

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
ciphercoin contact_form_7_database_addon *
CVE-2021-36886 MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
ciphercoin contact_form_7_database_addon *
CVE-2022-3634

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection

Products Affected

Vendor Product Version
ciphercoin contact_form_7_database_addon *
CVE-2022-4303

The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.

Products Affected

Vendor Product Version
ciphercoin wp_limit_login_attempts *
CVE-2023-31075

Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a through 1.0.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 2.8 2.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
ciphercoin easy_hide_login *
CVE-2023-32505

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
audit@patchstack.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
ciphercoin easy_hide_login *
CVE-2025-6740

The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tmpD’ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security@wordfence.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
ciphercoin contact_form_7_database_addon *