Lucene search
+L

4 matches found

OSV
OSV
added 2021/12/13 11:15 a.m.4 views

CVE-2021-24790

The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The...

4.3CVSS5.9AI score0.0037EPSS
Exploits2References1
Prion
Prion
added 2021/12/13 11:15 a.m.19 views

Cross site request forgery (csrf)

The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The...

4CVSS5AI score0.0037EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/12/13 10:40 a.m.57 views

CVE-2021-24790

The CVE pertains to the WordPress plugin Contact Form Advanced Database (versions ≤ 1.0.8). The vulnerability arises from missing authorization checks and CSRF protection in two AJAX endpoints, delete_cf7_data and export_cf7_data, which are accessible to any authenticated user (down to subscriber...

4.3CVSS4.8AI score0.0037EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.19 views

Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls

The plugin does not have any authorisation as well as CSRF checks in its deletecf7data and exportcf7data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The deletecf7data would lead to arbitrary metadata deletion, as well ...

4.3CVSS5.5AI score0.0037EPSS
Exploits2Affected Software1
Rows per page
Query Builder