Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
References
Configurations
History
27 Feb 2023, 19:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 | |
CPE | cpe:2.3:a:hasthemes:extensions_for_cf7:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-contact-form-7-database-conditional-fields-and-redirection-plugin-2-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve - Third Party Advisory |
17 Feb 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-17 15:15
Updated : 2024-02-04 23:14
NVD link : CVE-2023-23899
Mitre link : CVE-2023-23899
CVE.ORG link : CVE-2023-23899
JSON object : View
Products Affected
hasthemes
- extensions_for_cf7
CWE
CWE-352
Cross-Site Request Forgery (CSRF)