Lucene search
K

4 matches found

Patchstack
Patchstack
added 2024/07/22 12:0 a.m.9 views

WordPress Conditional Fields for Contact Form 7 Plugin <= 2.4.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software Conditional Fields for Contact Form 7 Type Plugin Vulnerable versions = 2.4.13 Fixed in 2.4.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5804 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e1825173a8a1...

4.3CVSS6.7AI score0.00219EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/07/20 2:15 a.m.13 views

CVE-2024-5804

The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cfadmininit function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/20 2:2 a.m.12 views

CVE-2024-5804 Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset

The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cfadmininit function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS6.5AI score0.00219EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/20 2:2 a.m.18 views

CVE-2024-5804 Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset

The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cfadmininit function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS0.00219EPSS
Exploits0References3
Rows per page
Query Builder