WordPress Plugin Vulnerabilities

Contact Form 7 Redirect & Thank You Page < 1.0.4 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.

Affects Plugins

Plugin icon
cf7-redirect-thank-you-page
Fixed in 1.0.4

References

CVE
CVE-2023-24395
URL
https://patchstack.com/database/vulnerability/cf7-redirect-thank-you-page/wordpress-contact-form-7-redirect-thank-you-page-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
5062e32f-83f7-404f-9b4f-136083e916d4

Timeline

Publicly Published
2023-03-15 (about 3 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2025-02-03
Title
Quote Comments <= 3.0.0 - Stored XSS via CSRF
Published
2025-07-16
Title
Theme Builder For Elementor < 1.2.4 - Cross-Site Request Forgery
Published
2022-07-05
Title
Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization
Published
2023-10-25
Title
Remove Add to Cart WooCommerce < 1.4.5 - Settings Update via CSRF
Published
2021-07-05
Title
CRM: Contact Management Simplified – UkuuPeople <= 1.6.3 - Unauthorised Favourite Addition/Deletion