Описание
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.
Ссылки
- Product
- Third Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.1 (включая)
cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 39%
0.00174
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
почти 2 года назад
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.
EPSS
Процентиль: 39%
0.00174
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-862