CVE-2021-42358 in Contact Form with Captcha Plugin
Riassunto
di MITRE • 29/11/2021
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.