patchstack
István Márton
PATCHSTACK:2B7B9B3764A8BA952DC3E3DC9BC506E6
History: Mar 15, 2023 - 12:00 a.m.

WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

patchstack.com

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

Software

Contact Form 7 Redirect & Thank You Page

Type

Plugin

Vulnerable versions

<= 1.0.3

Fixed in

1.0.4

OWASP Top 10

A5: Broken Access Control

Classification

Cross Site Request Forgery (CSRF)

CVE

CVE-2023-24395

Patch priority

Low

CVSS severity

Low (5.4)

PSID

85651332013c

Credits

István Márton

Required privilege

Unauthenticated

Published

15 March, 2023

Remove and replace plugin

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node: scott_paterson contact_form_7_redirect_\&_thank_you_page, Range: 1.0.3

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| scott_paterson | contact_form_7_redirect_\&_thank_you_page | * | cpe:2.3:a:scott_paterson:contact_form_7_redirect_\&_thank_you_page:*:*:*:*:*:*:*:* |
