The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.
CPE | Name | Operator | Version |
---|---|---|---|
contact_form_with_captcha | le | 1.6.2 |