3 matches found
CVE-2023-6630
CVE-2023-6630 : The WordPress plugin “Contact Form 7 – Dynamic Text Extension” ( 4.1.0); PatchStack lists 4.2.0 as the fix. Other sources corroborate the vulnerability and describe it as a broken access control issue with low overall CVSS (4.3). Actionable takeaway: apply the patch to affected in...
CVE-2023-6630 Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...
WordPress Contact Form 7 Dynamic Text Extension Plugin <= 4.1.0 is vulnerable to Broken Access Control
Software Contact Form 7 Dynamic Text Extension Type Plugin Vulnerable versions = 4.1.0 Fixed in 4.2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6630 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e817a16730df Credits Francesc...