Lucene search
China National Vulnerability DatabaseCNVD-2021-102810HistoryDec 01, 2021 - 12:00 a.m.
WordPress Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-102810)
2021-12-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
0.001 Low
EPSS
Percentile
41.9%
WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin Contact Form With Captcha 1.6.2 and its previous versions exist cross-site request forgery vulnerability, the vulnerability originates when submitting a contact form ~ cfwc-form.php file is missing nonce validation, the plugin is vulnerable to cross-site request forgery attacks, attackers can use the vulnerability to inject arbitrary web scripts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress contact form with captcha | le | 1.6.2 |
Related
prion
prion
Cross site request forgery (csrf)
2021-11-29 19:15:00
nvd
nvd
CVE-2021-42358
2021-11-29 19:15:07
cve
cve
CVE-2021-42358
2021-11-29 19:15:07
wpvulndb
wpvulndb
Contact Form With Captcha <= 1.6.2 - CSRF to Stored Cross-Site Scripting
2021-11-29 00:00:00
cvelist
cvelist
patchstack
patchstack