Full Disclosure

CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin)

March 4, 2015 007admin Leave a comment

Posted by dxw Security on Mar 04

Details
================
Software: Contact Form DB
Version: 2.8.29
Homepage: https://wordpress.org/plugins/contact-form-7-to-database-extension/
Advisory report:
https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/
CVE: CVE-2015-1874
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description
================
CSRF in Contact Form DB allows attacker to delete all stored form…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information