Description

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently steal session data and possibly access admin areas of your website. WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool version 1.7.14 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.7.15 or latest

References

http://www.redsandmarketing.com/blog/security-vulnerability-contact-form-maker-plugin/

Related Vulnerabilities

PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10210)

IBM RTC Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2020-4547)

Jboss EAP CVE-2016-5018 Vulnerability (CVE-2016-5018)

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0227)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'swfupload.swf' Cross-Site Scripting (1.9.7)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass