patchstack | Mirphak (Patchstack Alliance) | PATCHSTACK:96B58CF430679150557DCEA4CC2DB213
Sep 29, 2022 - 12:00 a.m.

WordPress Redirection for Contact Form 7 plugin <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability

Tags: wordpress, redirection, contact form 7, plugin, unauthenticated, options change, content injection, patchstack alliance, exploitation, accessibe, script, update, version 2.6.0

EPSS: 0.001 (Low), percentile 26.7%

An Unauthenticated Options Change vulnerability was discovered by mirphak (Patchstack Alliance) in the WordPress Redirection for Contact Form 7 plugin (versions <= 2.4.0). Successful exploitation requires the additional AccessiBe extension (plugin). An attacker can inject a script into the footer.

Solution

Update the WordPress Redirection for Contact Form 7 plugin to the latest available version (at least 2.6.0).

CPE | Name | Operator | Version
- | redirection for contact form 7 | le | 2.4.0
