12 matches found
EUVD-2021-11073
Malware in sbrugna...
CVE-2021-24159
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clickin...
CVE-2024-34826 WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through = 1.6.4...
CVE-2024-34826 WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through 1.6.4...
CVE-2021-4390
The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managewppostsbeqesavepost function. This makes it possible for unauthenticated attackers to quick edit...
CVE-2021-4390 Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery Bypass
The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managewppostsbeqesavepost function. This makes it possible for unauthenticated attackers to quick edit...
CVE-2021-4390 Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery Bypass
The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managewppostsbeqesavepost function. This makes it possible for unauthenticated attackers to quick edit...
CVE-2021-4390
Affected software: WordPress with the Contact Form 7 Style plugin (versions up to and including 3.2). Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function, enabling unauthenticated attackers to quickly edit templates...
WordPress Contact Form 7 Style plugin <= 3.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Contact Form 7 Style plugin versions = 3.2. Solution This plugin has been closed as of February 1, 2021 and is not available for download. Reason: Security Issue...
Cross site request forgery (csrf)
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into...
CVE-2021-24159 Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clickin...
Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the plugin. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request coul...