WordPress plugin Cost Calculator Builder PRO security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-3585

The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about...

CVE-2024-3585

CVE-2024-3585 describes a vulnerability in the Send PDF for Contact Form 7 plugin for WordPress. It permits unauthenticated access to form submissions (including PDFs) due to a missing capability check on the hooks function in all versions up to and including 1.0.2.3, enabling information exposur...

WordPress plugin Send PDF for Contact Form 7 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...

WordPress Send PDF for Contact Form 7 plugin <= 1.0.2.3 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin Send PDF for Contact Form 7 versions = 1.0.2.3...

WordPress Send PDF for Contact Form 7 Plugin <= 1.0.2.3 is vulnerable to Broken Access Control

Software Send PDF for Contact Form 7 Type Plugin Vulnerable versions = 1.0.2.3 Fixed in 1.0.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3585 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 13d8f4997e3b Credits Krzysztof Zają...

Cross site scripting

The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...

WordPress Plugin Send PDF for Contact Form 7 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plug-in. A cross-site scripting...