Description

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently steal session data and possibly access admin areas of your website. WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool version 1.7.14 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.7.15 or latest

References

http://www.redsandmarketing.com/blog/security-vulnerability-contact-form-maker-plugin/

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3551)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)

WordPress Plugin Newsletter Cross-Site Scripting (3.2.6)

WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.8.3.4)

MySQL CVE-2014-2484 Vulnerability (CVE-2014-2484)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass