← Back

Querysol

querysol

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Redirection For Contact Form 7
redirection_for_contact_form_7
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24282
1Querysol
1Redirection For Contact Form 7
Nov 21, 2024
May 14, 2021
N/A· v4
6.3 MEDIUM· v3
6.5 MEDIUM· v2
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker coul...Show more
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7r_reset_settings to reset the plugin’s settings, wpcf7r_add_action to add actions to a form, and more.Show less
CVE-2021-24281
1Querysol
1Redirection For Contact Form 7
Nov 21, 2024
May 14, 2021
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site.
CVE-2021-24280
1Querysol
1Redirection For Contact Form 7
Nov 21, 2024
May 14, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects.
CVE-2021-24279
1Querysol
1Redirection For Contact Form 7
Nov 21, 2024
May 14, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.
CVE-2021-24278
1Querysol
1Redirection For Contact Form 7
Nov 21, 2024
May 14, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.