CVE-2015-1874 in Contact Form DBinfo

Summary

Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

02/17/2015

Disclosure

03/09/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
74382	Cfdbplugin Contact Form DB Authentication admin.php cross-site request forgery	352	Proof-of-Concept	Official fix	CVE-2015-1874

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!