WordPress Plugin Vulnerabilities

Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request.

Affects Plugins

Plugin icon
contact-form-7-style
No known fix

References

CVE
CVE-2021-4390
URL
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
No
WPVDB ID
3afd35b9-65db-4b40-ab96-3f3d5c7e5bc2

Timeline

Publicly Published
2021-06-21 (about 4 years ago)
Added
2023-07-04 (about 2 years ago)
Last Updated
2023-07-04 (about 2 years ago)

Other

Published
Title
Published
2025-02-13
Title
My Login Logout Plugin <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-11-11
Title
Add Multiple Marker <= 1.3 - Settings Update via CSRF
Published
2023-01-27
Title
Exclusive Addons Elementor < 2.6.2 - Arbitrary Uninstall Reason Feedback via CSRF
Published
2024-01-08
Title
LiveChat Elementor < 1.0.14 - Cross-Site Request Forgery
Published
2024-01-19
Title
VK Block Patterns < 1.31.2.0 - Cross-Site Request Forgery