Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-24278
HistoryMay 14, 2021 - 12:15 p.m.

CVE-2021-24278

2021-05-1412:15:08
CWE-863
[email protected]
web.nvd.nist.gov
62
cve-2021-24278
wordpress
plugin
security vulnerability
redirection
unauthenticated access

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.

Affected configurations

Vulners
NVD
Node
query_solutionsredirection_for_contact_form_7Range<2.3.4

CNA Affected

[
  {
    "product": "Redirection for Contact Form 7",
    "vendor": "Query Solutions",
    "versions": [
      {
        "lessThan": "2.3.4",
        "status": "affected",
        "version": "2.3.4",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
wpexploit 1
nvd 1
cvelist 1
wpvulndb 1
nuclei 1
openvas 1
prion
prion
Design/Logic Flaw
2021-05-14 12:15:00
wpexploit
wpexploit
Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
2021-04-20 00:00:00
nvd
nvd
CVE-2021-24278
2021-05-14 12:15:08
cvelist
cvelist
CVE-2021-24278 Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
2021-05-14 11:38:17
wpvulndb
wpvulndb
Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
2021-04-20 00:00:00
nuclei
nuclei
WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
2021-11-26 23:32:48
openvas
openvas
WordPress Redirection for Contact Form 7 Plugin < 2.3.4 Multiple Vulnerabilities
2021-06-04 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON
Related for CVE-2021-24278
prion1wpexploit1nvd1cvelist1wpvulndb1nuclei1openvas1