Описание
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
Ссылки
- Broken LinkExploitThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wp-contactform_project:wp-contactform:1.5:alpha:*:*:*:wordpress:*:*
EPSS
Процентиль: 47%
0.00242
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
EPSS
Процентиль: 47%
0.00242
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352