Contact Form by WD <= 1.13.4 - Cross-Site Request Forgery to LFI



Description
The Contact Form by WD plugin suffers from CSRF issues that could lead to a local file inclusion (LFI) attack.

Affects Plugin

Fixed in version 1.13.5

References

PACKETSTORM 152399
URL https://pvagenas.com/vulnerabilities/contact-form-by-wd-csrf/
URL https://plugins.trac.wordpress.org/changeset/2063502/contact-form-maker
URL https://seclists.org/fulldisclosure/2019/Apr/11

Classification

Type CSRF
OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352

Miscellaneous

Original Researcher p4n
Submitter Website https://pvagenas.com
Submitter Twitter panVagenas
Views 3144
Verified No
WPVDB ID 9252

Timeline

Publicly Published 2019-04-05 (20 days ago)
Added 2019-04-10 (15 days ago)
Last Updated 2019-04-10 (15 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes; however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license, please contact us.