Description
WordPress Plugin Country State City Dropdown CF7 is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently add states or cities to the dropdown. WordPress Plugin Country State City Dropdown CF7 version 2.7.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.2 or latest
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.11.3)
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
WordPress Plugin White Label CMS Cross-Site Scripting (2.2.8)