Description
WordPress Plugin Contact Form DB is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Contact Form DB version 2.8.31 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.8.32 or latest
References
http://seclists.org/fulldisclosure/2015/Mar/21
https://wordpress.org/plugins/contact-form-7-to-database-extension/changelog/
Related Vulnerabilities
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.12)
WordPress Plugin Nelio AB Testing Server-Side Request Forgery (4.5.10)
Joomla! Core 3.x.x Security Bypass (3.7.0 - 3.9.15)
WordPress Plugin Advanced Contact form 7 DB SQL Injection (1.6.1)
WordPress Plugin WP Limit Login Attempts SQL Injection (2.0.0)