Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html - Broken Link, Exploit, Third Party Advisory | |
References | () http://securityreason.com/securityalert/3539 - Broken Link, Third Party Advisory | |
References | () http://securityvulns.ru/Sdocument546.html - Broken Link, Third Party Advisory | |
References | () http://securityvulns.ru/Sdocument667.html - Broken Link, Third Party Advisory | |
References | () http://websecurity.com.ua/1600/ - Third Party Advisory | |
References | () http://websecurity.com.ua/1641/ - Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/485786/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry |
02 Aug 2023, 19:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Wp-contactform Project wp-contactform
Wp-contactform Project |
|
References | (MISC) http://websecurity.com.ua/1641/ - Third Party Advisory | |
References | (MISC) http://securityvulns.ru/Sdocument667.html - Broken Link, Third Party Advisory | |
References | (MISC) http://securityvulns.ru/Sdocument546.html - Broken Link, Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/485786/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (MISC) http://websecurity.com.ua/1600/ - Third Party Advisory | |
References | (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html - Broken Link, Exploit, Third Party Advisory | |
References | (SREASON) http://securityreason.com/securityalert/3539 - Broken Link, Third Party Advisory | |
CPE | cpe:2.3:a:wp-contactform_project:wp-contactform:1.5:alpha:*:*:*:wordpress:*:* |
Information
Published : 2008-01-10 00:46
Updated : 2024-11-21 00:41
NVD link : CVE-2008-0198
Mitre link : CVE-2008-0198
CVE.ORG link : CVE-2008-0198
JSON object : View
Products Affected
wp-contactform_project
- wp-contactform
CWE
CWE-352
Cross-Site Request Forgery (CSRF)