Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-24565: Changeset 2570402 – WordPress Plugin Repository

The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue.

CVE
#xss#csrf#js#wordpress#php#auth

contact-form-7-simple-recaptcha/tags/0.0.9/contact-form-7-simple-recaptcha.php

r2381935

r2570402

3

3

Plugin Name: Contact Form 7 Captcha

4

4

Description: Add No CAPTCHA reCAPTCHA to Contact Form 7 using [cf7sr-simple-recaptcha] shortcode

5

Version: 0.0.8

5

Version: 0.0.9

6

6

Author: 247wd

7

7

*/

53

53

    $cf7sr = true;

54

54

    $cf7sr\_key = get\_option('cf7sr\_key');

55

    return '<div id="cf7sr-' . uniqid() . '" class="cf7sr-g-recaptcha" data-sitekey="' . $cf7sr\_key

56

        . '"></div><span class="wpcf7-form-control-wrap cf7sr-g-recaptcha-invalid"></span>';

55

    return '<div id="cf7sr-' . uniqid() . '" class="cf7sr-g-recaptcha" data-sitekey="' . esc\_attr($cf7sr\_key)

56

        . '"></div><span class="wpcf7-form-control-wrap cf7sr-recaptcha"><input type="hidden" name="cf7sr-recaptcha" value="" class="wpcf7-form-control"></span>';

57

57

}

58

58

add\_shortcode('cf7sr-simple-recaptcha', 'cf7sr\_shortcode');

83

83

84

84

    if (empty($data\['g-recaptcha-response'\])) {

85

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-g-recaptcha-invalid'), $message);

85

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-recaptcha'), $message);

86

86

        return $result;

87

87

    }

93

93

    $response = json\_decode($body);

94

94

    if (!(isset ($response->success) && 1 == $response->success)) {

95

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-g-recaptcha-invalid'), $message);

95

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-recaptcha'), $message);

96

96

    }

97

97

117

117

        return;

118

118

    }

119

    if (!empty ($\_POST\['update'\])) {

120

        $cf7sr\_key = !empty ($\_POST\['cf7sr\_key'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_key'\]) : '';

119

    if (

120

        ! empty ($\_POST\['update'\])

121

        && ! empty($\_POST\['cf7sr\_nonce'\])

122

        && wp\_verify\_nonce($\_POST\['cf7sr\_nonce'\],'cf7sr\_update\_settings' )

123

    ) {

124

        $cf7sr\_key = ! empty ($\_POST\['cf7sr\_key'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_key'\]) : '';

121

125

        update\_option('cf7sr\_key', $cf7sr\_key);

122

126

123

        $cf7sr\_secret = !empty ($\_POST\['cf7sr\_secret'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_secret'\]) : '';

127

        $cf7sr\_secret = ! empty ($\_POST\['cf7sr\_secret'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_secret'\]) : '';

124

128

        update\_option('cf7sr\_secret', $cf7sr\_secret);

125

129

126

        $cf7sr\_message = !empty ($\_POST\['cf7sr\_message'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_message'\]) : '';

130

        $cf7sr\_message = ! empty ($\_POST\['cf7sr\_message'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_message'\]) : '';

127

131

        update\_option('cf7sr\_message', $cf7sr\_message);

128

132

146

150

        <form action="<?php echo $\_SERVER\['REQUEST\_URI'\]; ?>" method="POST">

147

151

            <input type="hidden" value="1" name="update">

152

            <?php wp\_nonce\_field( 'cf7sr\_update\_settings', 'cf7sr\_nonce' ); ?>

148

153

            <ul>

149

                <li><input type="text" style="width: 370px;" value="<?php echo $cf7sr\_key; ?>" name="cf7sr\_key"> Site key</li>

150

                <li><input type="text" style="width: 370px;" value="<?php echo $cf7sr\_secret; ?>" name="cf7sr\_secret"> Secret key</li>

151

                <li><input type="text" style="width: 370px;" value="<?php echo $cf7sr\_message; ?>" name="cf7sr\_message"> Invalid captcha error message</li>

154

                <li><input type="text" style="width: 370px;" value="<?php echo esc\_attr($cf7sr\_key); ?>" name="cf7sr\_key"> Site key</li>

155

                <li><input type="text" style="width: 370px;" value="<?php echo esc\_attr($cf7sr\_secret); ?>" name="cf7sr\_secret"> Secret key</li>

156

                <li><input type="text" style="width: 370px;" value="<?php echo esc\_attr($cf7sr\_message); ?>" name="cf7sr\_message"> Invalid captcha error message</li>

152

157

            </ul>

153

158

            <input type="submit" class="button-primary" value="Save Settings">

contact-form-7-simple-recaptcha/tags/0.0.9/readme.txt

r2381935

r2570402

4

4

Tags: captcha, recaptcha, new recaptcha, contact form 7, no captcha

5

5

Requires at least: 4.1.2

6

Tested up to: 5.5.1

7

Stable tag: 0.0.8

6

Tested up to: 5.8

7

Stable tag: 0.0.9

8

8

License: GPLv2 or later

9

9

License URI: http://www.gnu.org/licenses/gpl-2.0.html

18

18

Protect your Contact Form 7 forms from spam and abuse.<br>

19

19

Can be used to protect multiple forms on same page.<br>

20

Tested with Contact Form 7 version 5.2.2 and WordPress version 5.5.1<br>

20

Tested with Contact Form 7 version 5.4.2 and WordPress version 5.8<br>

21

21

Configure plugin from Settings => CF7 Simple Recaptcha.<br>

22

22

After configuration, add [cf7sr-simple-recaptcha] to any Contact Form 7 form.<br>

23

Added CSRF check and escaped attributes in Settings page.

23

24

24

25

== Installation ==

contact-form-7-simple-recaptcha/trunk/contact-form-7-simple-recaptcha.php

r2381935

r2570402

3

3

Plugin Name: Contact Form 7 Captcha

4

4

Description: Add No CAPTCHA reCAPTCHA to Contact Form 7 using [cf7sr-simple-recaptcha] shortcode

5

Version: 0.0.8

5

Version: 0.0.9

6

6

Author: 247wd

7

7

*/

53

53

    $cf7sr = true;

54

54

    $cf7sr\_key = get\_option('cf7sr\_key');

55

    return '<div id="cf7sr-' . uniqid() . '" class="cf7sr-g-recaptcha" data-sitekey="' . $cf7sr\_key

56

        . '"></div><span class="wpcf7-form-control-wrap cf7sr-g-recaptcha-invalid"></span>';

55

    return '<div id="cf7sr-' . uniqid() . '" class="cf7sr-g-recaptcha" data-sitekey="' . esc\_attr($cf7sr\_key)

56

        . '"></div><span class="wpcf7-form-control-wrap cf7sr-recaptcha"><input type="hidden" name="cf7sr-recaptcha" value="" class="wpcf7-form-control"></span>';

57

57

}

58

58

add\_shortcode('cf7sr-simple-recaptcha', 'cf7sr\_shortcode');

83

83

84

84

    if (empty($data\['g-recaptcha-response'\])) {

85

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-g-recaptcha-invalid'), $message);

85

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-recaptcha'), $message);

86

86

        return $result;

87

87

    }

93

93

    $response = json\_decode($body);

94

94

    if (!(isset ($response->success) && 1 == $response->success)) {

95

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-g-recaptcha-invalid'), $message);

95

        $result->invalidate(array('type' => 'captcha', 'name' => 'cf7sr-recaptcha'), $message);

96

96

    }

97

97

117

117

        return;

118

118

    }

119

    if (!empty ($\_POST\['update'\])) {

120

        $cf7sr\_key = !empty ($\_POST\['cf7sr\_key'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_key'\]) : '';

119

    if (

120

        ! empty ($\_POST\['update'\])

121

        && ! empty($\_POST\['cf7sr\_nonce'\])

122

        && wp\_verify\_nonce($\_POST\['cf7sr\_nonce'\],'cf7sr\_update\_settings' )

123

    ) {

124

        $cf7sr\_key = ! empty ($\_POST\['cf7sr\_key'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_key'\]) : '';

121

125

        update\_option('cf7sr\_key', $cf7sr\_key);

122

126

123

        $cf7sr\_secret = !empty ($\_POST\['cf7sr\_secret'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_secret'\]) : '';

127

        $cf7sr\_secret = ! empty ($\_POST\['cf7sr\_secret'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_secret'\]) : '';

124

128

        update\_option('cf7sr\_secret', $cf7sr\_secret);

125

129

126

        $cf7sr\_message = !empty ($\_POST\['cf7sr\_message'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_message'\]) : '';

130

        $cf7sr\_message = ! empty ($\_POST\['cf7sr\_message'\]) ? sanitize\_text\_field($\_POST\['cf7sr\_message'\]) : '';

127

131

        update\_option('cf7sr\_message', $cf7sr\_message);

128

132

146

150

        <form action="<?php echo $\_SERVER\['REQUEST\_URI'\]; ?>" method="POST">

147

151

            <input type="hidden" value="1" name="update">

152

            <?php wp\_nonce\_field( 'cf7sr\_update\_settings', 'cf7sr\_nonce' ); ?>

148

153

            <ul>

149

                <li><input type="text" style="width: 370px;" value="<?php echo $cf7sr\_key; ?>" name="cf7sr\_key"> Site key</li>

150

                <li><input type="text" style="width: 370px;" value="<?php echo $cf7sr\_secret; ?>" name="cf7sr\_secret"> Secret key</li>

151

                <li><input type="text" style="width: 370px;" value="<?php echo $cf7sr\_message; ?>" name="cf7sr\_message"> Invalid captcha error message</li>

154

                <li><input type="text" style="width: 370px;" value="<?php echo esc\_attr($cf7sr\_key); ?>" name="cf7sr\_key"> Site key</li>

155

                <li><input type="text" style="width: 370px;" value="<?php echo esc\_attr($cf7sr\_secret); ?>" name="cf7sr\_secret"> Secret key</li>

156

                <li><input type="text" style="width: 370px;" value="<?php echo esc\_attr($cf7sr\_message); ?>" name="cf7sr\_message"> Invalid captcha error message</li>

152

157

            </ul>

153

158

            <input type="submit" class="button-primary" value="Save Settings">

contact-form-7-simple-recaptcha/trunk/readme.txt

r2381935

r2570402

4

4

Tags: captcha, recaptcha, new recaptcha, contact form 7, no captcha

5

5

Requires at least: 4.1.2

6

Tested up to: 5.5.1

7

Stable tag: 0.0.8

6

Tested up to: 5.8

7

Stable tag: 0.0.9

8

8

License: GPLv2 or later

9

9

License URI: http://www.gnu.org/licenses/gpl-2.0.html

18

18

Protect your Contact Form 7 forms from spam and abuse.<br>

19

19

Can be used to protect multiple forms on same page.<br>

20

Tested with Contact Form 7 version 5.2.2 and WordPress version 5.5.1<br>

20

Tested with Contact Form 7 version 5.4.2 and WordPress version 5.8<br>

21

21

Configure plugin from Settings => CF7 Simple Recaptcha.<br>

22

22

After configuration, add [cf7sr-simple-recaptcha] to any Contact Form 7 form.<br>

23

Added CSRF check and escaped attributes in Settings page.

23

24

24

25

== Installation ==

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907