2 matches found
Cross site request forgery (csrf)
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The...
PT-2021-16285 · WordPress · Contact Form Advanced Database
Name of the Vulnerable Software and Affected Versions: Contact Form Advanced Database WordPress plugin versions 1.0.8 and earlier Description: The issue concerns the lack of authorization and CSRF checks in the delete cf7 data and export cf7 data AJAX actions, which are accessible to any...