WordPress Plugin Vulnerabilities

Contact Form 3.82 - Unauthorized Language Manipulation

Description

The Contact Form by BestWebSoft WordPress plugin was affected by an Unauthorized Language Manipulation security vulnerability.

Affects Plugins

Plugin icon
contact-form-plugin
Fixed in 3.82

References

URL
https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
ec09b5aa-7c0a-452f-be66-a475095dd51f

Timeline

Publicly Published
2015-01-22 (about 11 years ago)
Added
2015-01-22 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-04-11
Title
GEO my WordPress < 4.2 - Cross-Site Request Forgery
Published
2014-08-01
Title
Real Estate by Templatic - CSRF File Upload
Published
2025-04-04
Title
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms < 1.1.4 - Cross-Site Request Forgery
Published
2023-05-21
Title
Smart App Banner < 1.1.3 - Cross-Site Request Forgery (CSRF)
Published
2025-01-16
Title
WP-BlackCheck <= 2.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting