WordPress Plugin Vulnerabilities

Cforms & CformsII <= 14.10.1 - CAPTCHA Bypass

Description

The cformsII plugin (slug: cforms) and its fork (slug: cforms2) have a CAPTCHA Bypass vulnerability. The MD5 hash for matching the answer is sent with the forms and so it can be overwritten. This is fixed in the fork (cforms2) with version 14.11 (see changelog for confirmation). The original delicious:days version (cforms) is left vulnerable.

Affects Plugins

Plugin icon
cforms
No known fix
Plugin icon
cforms2
Fixed in 14.11

References

URL
https://packetstormsecurity.com/files/#96729/
URL
http://cosine-security.blogspot.de/2010/12/cformsii-captcha-bypass-vulnerability.html

Miscellaneous

Submitter
Bastian Germann
Verified
No
WPVDB ID
57430c59-7e98-4ba4-894b-d7f58d7de531

Timeline

Publicly Published
2010-12-15 (about 15 years ago)
Added
2017-03-20 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2016-04-21
Title
iThemes Security <= 5.3.0 - Insecure Backup/Logfile Generation
Published
2014-08-01
Title
WordPress - Plupload Unspecified Cross-Site Scripting (XSS)
Published
2022-05-03
Title
Helpful < 4.5.15 - Votes Tampering
Published
2023-05-24
Title
Upload Resume <= 1.2.0 - Captcha Bypass
Published
2017-02-01
Title
WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API