Lucene search
+L

4 matches found

Circl
Circl
added 2021/08/23 4:23 p.m.6 views

CVE-2021-24565

creationtimestamp| type| source ---|---|--- 2021-08-23 16:23:14+00:00| seen| https://t.me/cibsecurity/27695...

8.8CVSS8.1AI score0.00719EPSS
Exploits2References1
OSV
OSV
added 2021/08/23 12:15 p.m.2 views

CVE-2021-24565

The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manageoptions change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Si...

8.8CVSS7.3AI score0.00719EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/08/23 11:10 a.m.21 views

CVE-2021-24565 Contact Form 7 Captcha < 0.0.9 - CSRF to Stored XSS

The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manageoptions change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Si...

7.9AI score0.00719EPSS
Exploits2References2
CVE
CVE
added 2021/08/23 11:10 a.m.84 views

CVE-2021-24565

CVE-2021-24565 concerns the WordPress plugin Contact Form 7 Captcha (versions before 0.0.9). The vulnerability combines a CSRF weakness in the settings save flow with a Stored XSS risk caused by unescaped output in attributes. An attacker who has a logged-in user with the manage_options capabilit...

8.8CVSS7.9AI score0.00719EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder