Описание
Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php.
Ссылки
- Exploit
- Exploit
- Third Party AdvisoryVDB Entry
- Exploit
- Patch
- Exploit
- Exploit
- Third Party AdvisoryVDB Entry
- Exploit
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cfdbplugin:contact_form_db:2.8.31:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 41%
0.00189
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php.
EPSS
Процентиль: 41%
0.00189
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352