The cfp-connect AJAX call uses user input controlled data to perform the signature verification, attackers could craft these values ($message, $signature, $cf_pub_key) to bypass the validation mechanisms and inject their own public_key into the database.
BYPASS
2021-01-20 (about 1 years ago)
2021-01-20 (about 1 years ago)
2021-01-21 (about 1 years ago)