CVE-2008-0198

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html Broken Link Exploit Third Party Advisory
http://securityreason.com/securityalert/3539 Broken Link Third Party Advisory
http://securityvulns.ru/Sdocument546.html Broken Link Third Party Advisory
http://securityvulns.ru/Sdocument667.html Broken Link Third Party Advisory
http://websecurity.com.ua/1600/ Third Party Advisory
http://websecurity.com.ua/1641/ Third Party Advisory
http://www.securityfocus.com/archive/1/485786/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html Broken Link Exploit Third Party Advisory
http://securityreason.com/securityalert/3539 Broken Link Third Party Advisory
http://securityvulns.ru/Sdocument546.html Broken Link Third Party Advisory
http://securityvulns.ru/Sdocument667.html Broken Link Third Party Advisory
http://websecurity.com.ua/1600/ Third Party Advisory
http://websecurity.com.ua/1641/ Third Party Advisory
http://www.securityfocus.com/archive/1/485786/100/0/threaded Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:wp-contactform_project:wp-contactform:1.5:alpha:*:*:*:wordpress:*:*

History

21 Nov 2024, 00:41

Type Values Removed Values Added
References () http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html - Broken Link, Exploit, Third Party Advisory () http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html - Broken Link, Exploit, Third Party Advisory
References () http://securityreason.com/securityalert/3539 - Broken Link, Third Party Advisory () http://securityreason.com/securityalert/3539 - Broken Link, Third Party Advisory
References () http://securityvulns.ru/Sdocument546.html - Broken Link, Third Party Advisory () http://securityvulns.ru/Sdocument546.html - Broken Link, Third Party Advisory
References () http://securityvulns.ru/Sdocument667.html - Broken Link, Third Party Advisory () http://securityvulns.ru/Sdocument667.html - Broken Link, Third Party Advisory
References () http://websecurity.com.ua/1600/ - Third Party Advisory () http://websecurity.com.ua/1600/ - Third Party Advisory
References () http://websecurity.com.ua/1641/ - Third Party Advisory () http://websecurity.com.ua/1641/ - Third Party Advisory
References () http://www.securityfocus.com/archive/1/485786/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/485786/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry

02 Aug 2023, 19:11

Type Values Removed Values Added
References (BUGTRAQ) http://www.securityfocus.com/archive/1/485786/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/485786/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://securityvulns.ru/Sdocument667.html - (MISC) http://securityvulns.ru/Sdocument667.html - Broken Link, Third Party Advisory
References (MISC) http://websecurity.com.ua/1600/ - (MISC) http://websecurity.com.ua/1600/ - Third Party Advisory
References (MISC) http://websecurity.com.ua/1641/ - (MISC) http://websecurity.com.ua/1641/ - Third Party Advisory
References (SREASON) http://securityreason.com/securityalert/3539 - (SREASON) http://securityreason.com/securityalert/3539 - Broken Link, Third Party Advisory
References (MISC) http://securityvulns.ru/Sdocument546.html - (MISC) http://securityvulns.ru/Sdocument546.html - Broken Link, Third Party Advisory
References (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html - Exploit (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html - Broken Link, Exploit, Third Party Advisory
CPE cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wp-contactform_project:wp-contactform:1.5:alpha:*:*:*:wordpress:*:*

Information

Published : 2008-01-10 00:46

Updated : 2024-11-21 00:41


NVD link : CVE-2008-0198

Mitre link : CVE-2008-0198

CVE.ORG link : CVE-2008-0198


JSON object : View

Products Affected

wp-contactform_project

  • wp-contactform
CWE
CWE-352

Cross-Site Request Forgery (CSRF)