CVE-2021-36913: WordPress Redirection for Contact Form 7 plugin <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability - Patchstack

An unauthenticated options change and content injection vulnerability in the Qube One Redirection for Contact Form 7 plugin (versions <= 2.4.0) for WordPress allows attackers to change options and inject scripts into the footer HTML. Exploitation requires an additional plugin, AccessiBe.

Verified

Fixed

CVSS 3.1 score: 7.5 (High severity)

Monitoring: Not reported to be exploited

Vulnerable versions: <= 2.4.0

PSID: 09497b52a479

Classification: Other Vulnerability Type

OWASP Top 10: A2: Broken Authentication

Required privilege: Can be exploited remotely without any authentication.

Publicly disclosed: 2022-09-29

Details

An Unauthenticated Options Change vulnerability was discovered by mirphak (Patchstack Alliance) in the WordPress Redirection for Contact Form 7 plugin (versions <= 2.4.0). Successful exploitation requires an additional plugin, AccessiBe. An attacker can inject a script into the footer.

Solution

Update the WordPress Redirection for Contact Form 7 plugin to the latest available version (at least 2.6.0).
