Description
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cryptocurrency Widgets Pack SQL Injection (1.8.1)
WordPress Plugin Shopp Arbitrary File Upload (1.4)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5318)
MediaWiki Improper Privilege Management Vulnerability (CVE-2018-0503)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7861)