Description
WordPress Plugin Country State City Dropdown CF7 is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently add states or cities to the dropdown. WordPress Plugin Country State City Dropdown CF7 version 2.7.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.2 or latest
References
Related Vulnerabilities
WordPress Plugin Yes/No Chart SQL Injection (1.0.11)
WordPress 3.7.4 Multiple Vulnerabilities (3.7 - 3.7.4)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-1000658)
Artifactory Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-10036)
Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515)