8 matches found
123ContactForm for WordPress <= 1.5.6 - Validation Bypass via Plugin Verification
Description: The cfp-connect AJAX call uses user-controlled input to perform the signature verification. Attackers could craft the values $message, $signature and $cfpubkey to bypass the validation mechanisms and inject their own public key into the database...
123ContactForm for WordPress <= 1.5.6 - Unauthenticated Arbitrary Post Creation
Description: The cfp-new-post AJAX action uses the cfpauthenticate function to attempt to verify the signature, but it does so using user-controlled input, which results in a bypass and allows unauthenticated attackers to create arbitrary posts...
123ContactForm for WordPress <= 1.5.6 - Unauthenticated Arbitrary File Upload
Description: Attackers could use the Unauthenticated Arbitrary Post Creation issue (https://wpscan.com/vulnerability/d3ef5644-1044-492f-ac23-ea90b32f1e77) to also upload a PHP file via the cfpuploadimage function, which fails to properly verify that the file provided is an image...
WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability found by Sucuri in WordPress 123ContactForm plugin versions <= 1.5.6. Solution: 2021-01-20 - we were unable to find a patched version of this plugin. Notification from WordPress plugin repository: "This plugin has been closed as of October 27, 2020 and is not...
WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary Post Creation vulnerability
Arbitrary Post Creation vulnerability found by Sucuri in WordPress 123ContactForm plugin versions <= 1.5.6. Solution: 2021-01-20 - we were unable to find a patched version of this plugin. Notification from WordPress plugin repository: "This plugin has been closed as of October 27, 2020 and is not...
WordPress 123ContactForm plugin <= 1.5.6 - Validation Bypass via Plugin Verification vulnerability
Validation Bypass via Plugin Verification vulnerability found by Sucuri in WordPress 123ContactForm plugin versions <= 1.5.6. Solution: 2021-01-20 - we were unable to find a patched version of this plugin. Notification from WordPress plugin repository: "This plugin has been closed as of October 27,...
123ContactForm - Cross Site Scripting Web Vulnerability
Document Title: 123ContactForm - Cross Site Scripting Web Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=1982 Ref: 123-1476631846. Release Date: 2017-06-12. Vulnerability Laboratory ID (VL-ID):...
123ContactForm - Cross Site Scripting Web Vulnerability
Document Title: 123ContactForm - Cross Site Scripting Web Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=1982 Ref: 123-1476631846. Release Date: 2017-06-11. Vulnerability Laboratory ID (VL-ID):...