4 matches found
CVE-2021-24282
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7rresetsettings to reset the plugin’s settings, wpcf7raddaction to...
WordPress Redirection for Contact Form 7 Plugin < 2.3.4 Multiple Vulnerabilities
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24282
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7rresetsettings to reset the plugin’s settings, wpcf7raddaction to...
CVE-2021-24282
The CVE-2021-24282 entry applies to the WordPress plugin Redirection for Contact Form 7, affected versions prior to 2.3.4. The vulnerability arises from unauthenticated or poorly restricted AJAX actions that an authenticated user (e.g., a subscriber) can trigger to manipulate the plugin (examples...