3 matches found
CVE-2024-6317
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...
CVE-2024-6317 Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...
WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Generate PDF using Contact Form 7 Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6317 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 8ce1a2d4086e Credits...