Lucene search
+L

4 matches found

Circl
Circl
added 2024/12/12 4:33 a.m.12 views

CVE-2024-12341

creationtimestamp| type| source ---|---|--- 2024-12-12 04:33:58+00:00| seen| https://infosec.exchange/users/cve/statuses/113637984688949211 2024-12-12 06:17:22+00:00| seen| https://t.me/cvedetector/12688...

4.3CVSS8.7AI score0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/12 3:23 a.m.26 views

CVE-2024-12341 Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation

The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7csactioncallback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3CVSS0.00356EPSS
Exploits0References2
CVE
CVE
added 2024/12/12 3:23 a.m.47 views

CVE-2024-12341

CVE-2024-12341 affects the WordPress plugin Custom Skins Contact Form 7 (up to v1.0). The root cause is a missing capability check in the cf7cs_action_callback function, allowing authenticated users with Subscriber-level access or higher to modify data. The impact, as described in public CVE note...

4.3CVSS6.6AI score0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/12 3:23 a.m.9 views

CVE-2024-12341 Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation

The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7csactioncallback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acce...

4.3CVSS6.5AI score0.00356EPSS
Exploits0References2
Rows per page
Query Builder