WordPress Plugin Vulnerabilities

Contact Form 7 – PayPal & Stripe Add-on < 1.9.4 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.

Affects Plugins

Plugin icon
contact-form-7-paypal-add-on
Fixed in 1.9.4

References

CVE
CVE-2023-24405
URL
https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-1-9-3-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
dd7eaddf-8d5d-4ac4-85a2-1060ab2b0b19

Timeline

Publicly Published
2023-03-17 (about 3 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2025-06-05
Title
Recent Posts Slider Responsive <= 1.0.1 - Cross-Site Request Forgery
Published
2025-03-31
Title
wordpress related Posts with thumbnails <= 3.0.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-09
Title
Buddypress Humanity <= 1.2 - Cross-Site Request Forgery to Privilege Escalation
Published
2026-04-30
Title
WP Editor < 1.2.9.3 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor
Published
2023-11-17
Title
Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload