Contact Form by WD <= 1.13.4 - Cross-Site Request Forgery to LFI



Description
The Contact Form by WD plugin is affected by cross-site request forgery (CSRF) issues that could lead to a local file inclusion (LFI) attack.

Affects Plugin

Fixed in version 1.13.5

References

CVE 2019-11591
PACKETSTORM 152399
URL https://pvagenas.com/vulnerabilities/contact-form-by-wd-csrf/
URL https://plugins.trac.wordpress.org/changeset/2063502/contact-form-maker
URL https://seclists.org/fulldisclosure/2019/Apr/11

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher p4n
Submitter Website https://pvagenas.com
Submitter Twitter panVagenas
Views 7471
Verified No
WPVDB ID 9252

Timeline

Publicly Published 2019-04-05 (7 months ago)
Added 2019-04-10 (7 months ago)
Last Updated 2019-11-01 (13 days ago)
