1 results (0.002 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42358 – Contact Form With Captcha <= 1.6.2 Cross-Site Request Forgery to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-42358
29 Nov 2021 — The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2. El plugin Contact Form With Captcha de WordPress es vulnerable a un ataque de tipo Cross-Site Request Forgery debido a una falta de comprobación de nonce en el archivo ~/cfwc-form.php durante el envío del formulario de c... • https://plugins.trac.wordpress.org/browser/contact-form-with-captcha/trunk/cfwc-form.php#L17 • CWE-352: Cross-Site Request Forgery (CSRF) •