CVE-2023-47871 WordPress Contact Form to Any API plugin <= 1.1.6 - Broken Access Control vulnerability

🗓️ 09 Dec 2024 11:30:33Reported by PatchstackType

Broken Access Control in WordPress Contact Form plugin allows unauthorized access exploitation.

Reporter	Title	Published	Views	Family All 13
0day.today	WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery Vulnerability	12 Dec 202300:00	–	zdt
Circl	CVE-2023-47871	9 Dec 202411:46	–	circl
CNNVD	WordPress plugin Contact Form to Any API 安全漏洞	9 Dec 202400:00	–	cnnvd
CVE	CVE-2023-47871	9 Dec 202411:30	–	cve
EUVD	EUVD-2023-51961	3 Oct 202520:07	–	euvd
NVD	CVE-2023-47871	9 Dec 202413:15	–	nvd
Packet Storm	WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery	11 Dec 202300:00	–	packetstorm
Patchstack	WordPress Contact Form to Any API Plugin <= 1.1.6 is vulnerable to Broken Access Control	20 Nov 202300:00	–	patchstack
Positive Technologies	PT-2024-13527 · It Path Solutions · It Path Solutions Contact Form To Any Api	9 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-47871	23 May 202501:58	–	redhatcve

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "contact-form-to-any-api",
    "product": "Contact Form to Any API",
    "vendor": "IT Path Solutions",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/wordpress/plugin/contact-form-to-any-api/vulnerability/wordpress-contact-form-to-any-api-plugin-1-1-6-broken-access-control-vulnerability

28 Apr 2026 16:08Current

CVSS 3.14.3

EPSS0.00123

CWE-862