WordPress Contact Form Advanced Database plugin <= 1.0.8 - Unauthorized AJAX Calls vulnerability

2021-11-1500:00:00

Quentin VILLAIN (3wsec)

patchstack.com

0.001 Low

EPSS

Percentile

21.2%

JSON

Unauthorized AJAX Calls vulnerability discovered by Quentin VILLAIN (3wsec) in WordPress Contact Form Advanced Database plugin (versions <= 1.0.8).

Solution

Deactivate and delete. This plugin has been closed as of September 27, 2021 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
contact form advanced databasele1.0.8

CPE	Name	Operator	Version
	contact form advanced database	le	1.0.8

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24790

wordpress.org/plugins/contact-form-advanced-database/

wpscan.com/vulnerability/adc5dd9b-0781-4cea-8cc5-2c10ac35b968

0.001 Low

EPSS

Percentile

21.2%

JSON

Related for PATCHSTACK:008F85823C26FF2ABF3E9381494D64B7