Lucene search
Francesco CarlucciPATCHSTACK:B01226814CCC77069AE8C6CF3B955DDDHistoryDec 29, 2021 - 12:00 a.m.
WordPress Orange Form plugin <= 1.0 - SQL Injection (SQLi) via Cross-Site Request Forgery (CSRF) vulnerability
2021-12-2900:00:00
Francesco Carlucci
patchstack.com
10
0.001 Low
EPSS
Percentile
43.5%
SQL Injection (SQLi) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Francesco Carlucci in WordPress Orange Form plugin (versions <= 1.0).
Solution
Deactivate and delete. This plugin has been closed as of December 29, 2021 and is not available for download. This closure is temporary, pending a full review.
| CPE | Name | Operator | Version |
|---|---|---|---|
| orange form | le | 1.0 |
Related
wpvulndb
wpvulndb
Orange Form <= 1.0 - SQL Injection via CSRF
2021-12-29 00:00:00
wpexploit
wpexploit
Orange Form <= 1.0 - SQL Injection via CSRF
2021-12-29 00:00:00
cnvd
cnvd
WordPress Orange Form Plugin SQL Injection Vulnerability
2022-03-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-02-28 09:15:00
nvd
nvd
CVE-2021-24704
2022-02-28 09:15:07
cve
cve
CVE-2021-24704
2022-02-28 09:15:07
cvelist
cvelist
CVE-2021-24704 Orange Form <= 1.0 - SQL Injection via CSRF
2022-02-28 09:06:06