patchstack
Yuga Futatsuki (Cryptography Laboratory in Tokyo Denki University)
PATCHSTACK:DAF5DE04EDC4065C9E0E5987501B9AE5
Nov 29, 2021 - 12:00 a.m.

WordPress Contact Form With Captcha plugin <= 1.6.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

2021-11-29 00:00:00
Yuga Futatsuki (Cryptography Laboratory in Tokyo Denki University)
patchstack.com

EPSS: 0.001 (Low)
Percentile: 41.9%

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Yuga Futatsuki (Cryptography Laboratory in Tokyo Denki University) in WordPress Contact Form With Captcha plugin (versions <= 1.6.7).

Solution

Update the WordPress Contact Form With Captcha plugin to the latest available version (at least 1.6.8).

CPE
Name: contact form with captcha
Operator: le
Version: 1.6.7
