Lucene search
K

8 matches found

CVE
CVE
added 2024/02/12 8:46 a.m.58 views

CVE-2024-24884

Summary: CVE-2024-24884 is a CSRF vulnerability in the ARI Soft Contact Form 7 Connector plugin for WordPress. The issue affects versions up to and including 1.2.2 and can be triggered without authentication, enabling an attacker to induce state-changing actions in a user’s session. The patchstac...

8.8CVSS6.3AI score0.00214EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.4 views

WordPress Plugin Contact Form 7 Connector Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.16 views

Contact Form 7 Connector < 1.2.3 - Cross-Site Request Forgery

Description The Contact Form 7 Connector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on several function. This makes it possible for unauthenticated attackers to perform unauthorized...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/05 12:0 a.m.9 views

WordPress Contact Form 7 Connector Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Contact Form 7 Connector Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24884 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ee996476bd59 Credits Dhabaleshw...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/01/16 4:15 p.m.20 views

CVE-2024-0239

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...

6.1CVSS6.1AI score0.00454EPSS
Exploits2References1
OSV
OSV
added 2024/01/16 4:15 p.m.2 views

CVE-2024-0239

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...

6.1CVSS5.8AI score0.00454EPSS
Exploits2References1
Prion
Prion
added 2024/01/16 4:15 p.m.12 views

Cross site scripting

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...

5.8CVSS6.3AI score0.00454EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.6 views

CVE-2024-0239 Contact Form 7 Connector < 1.2.3 - Reflected XSS

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators...

6.1AI score0.00454EPSS
Exploits2References1
Rows per page
Query Builder