The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts
CPE | Name | Operator | Version |
---|---|---|---|
contact-form-with-captcha | eq | * |