Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin β CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin β CF7 WOW Styler: from n/a through...
6.3CVSS
6.7AI Score
0.0004EPSS
The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick...
4.3CVSS
4.2AI Score
0.001EPSS
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a siteβs administrator into clicking....
8.8CVSS
8.5AI Score
0.001EPSS