4 matches found
CVE-2024-12341
creationtimestamp| type| source ---|---|--- 2024-12-12 04:33:58+00:00| seen| https://infosec.exchange/users/cve/statuses/113637984688949211 2024-12-12 06:17:22+00:00| seen| https://t.me/cvedetector/12688...
CVE-2024-12341 Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7csactioncallback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2024-12341
CVE-2024-12341 affects the WordPress plugin Custom Skins Contact Form 7 (up to v1.0). The root cause is a missing capability check in the cf7cs_action_callback function, allowing authenticated users with Subscriber-level access or higher to modify data. The impact, as described in public CVE note...
CVE-2024-12341 Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7csactioncallback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acce...