CVE-2023-28167

2023-11-1223:15:09

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-28167

csrf

vsourz digital

cf7

invisible recaptcha

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions.

Affected configurations

Vulners

NVD

Node

vsourz_digitalcf7_invisible_recaptchaRange≤1.3.3

CPENameOperatorVersion
vsourz:cf7_invisible_recaptchavsourz cf7 invisible recaptchale1.3.3

CPE	Name	Operator	Version
vsourz:cf7_invisible_recaptcha	vsourz cf7 invisible recaptcha	le	1.3.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cf7-invisible-recaptcha",
    "product": "CF7 Invisible reCAPTCHA",
    "vendor": "Vsourz Digital",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cf7-invisible-recaptcha/wordpress-cf7-invisible-recaptcha-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve