Lucene search

PatchstackCVELIST:CVE-2023-23990

HistoryMay 17, 2024 - 6:33 a.m.

CVE-2023-23990 WordPress Redirection for Contact Form 7 plugin <= 2.7.0 - Privilege Escalation vulnerability

2024-05-1706:33:39

CWE-269

Patchstack

www.cve.org

cve-2023-23990

wordpress redirection

contact form 7

privilege escalation

qube one ltd.

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through 2.7.0.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wpcf7-redirect",
    "product": "Redirection for Contact Form 7",
    "vendor": "Qube One Ltd.",
    "versions": [
      {
        "changes": [
          {
            "at": "2.8.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.7.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wpcf7-redirect/wordpress-redirection-for-contact-form-7-plugin-2-7-0-privilege-escalation-vulnerability?_s_id=cve

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-23990