8 matches found
CVE-2024-24884
Summary: CVE-2024-24884 is a CSRF vulnerability in the ARI Soft Contact Form 7 Connector plugin for WordPress. The issue affects versions up to and including 1.2.2 and can be triggered without authentication, enabling an attacker to induce state-changing actions in a user’s session. The patchstac...
WordPress Plugin Contact Form 7 Connector Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
Contact Form 7 Connector < 1.2.3 - Cross-Site Request Forgery
Description The Contact Form 7 Connector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on several function. This makes it possible for unauthenticated attackers to perform unauthorized...
WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Contact Form 7 Connector Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24884 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ee996476bd59 Credits Dhabaleshw...
CVE-2024-0239
The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...
CVE-2024-0239
The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...
Cross site scripting
The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...
CVE-2024-0239 Contact Form 7 Connector < 1.2.3 - Reflected XSS
The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...