4.3

CVE-2008-0198

Exploit

WP-ContactForm <= 1.5.1 - Cross-Site Request Forgery

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
Mögliche Gegenmaßnahme
WP-ContactForm: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WP-ContactForm
Version *-1.5.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-contactform ProjectWp-contactform Version1.5 Updatealpha SwPlatformwordpress
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.47
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://securityreason.com/securityalert/3539
Third Party Advisory
Broken Link
http://www.securityfocus.com/archive/1/485786/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://securityvulns.ru/Sdocument546.html
Third Party Advisory
Broken Link
http://securityvulns.ru/Sdocument667.html
Third Party Advisory
Broken Link
http://websecurity.com.ua/1600/
Third Party Advisory
http://websecurity.com.ua/1641/
Third Party Advisory