Posted by dxw Security on Mar 04
Details
================
Software: Contact Form DB
Version: 2.8.29
Homepage: https://wordpress.org/plugins/contact-form-7-to-database-extension/
Advisory report:
https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/
CVE: CVE-2015-1874
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description
================
CSRF in Contact Form DB allows attacker to delete all stored form…