CVE-2021-42358 in Contact Form with Captcha Plugininformazioni

Riassunto

di MITRE • 29/11/2021

The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsabile

Wordfence

Prenotare

14/10/2021

Divulgazione

29/11/2021

Moderazione

accettato

CPE

pronto

EPSS

0.00605

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!