CVE-2015-1874

Currently unrated

Key Information:

Vendor: Wordpress
Status: Contact Form Db
Vendor: CVE Published:; 9 March 2015

Summary

Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php.

References

http://www.securityfocus.com/bid/72964

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/130654/WordPress-Con...

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Mar/21

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Mar 9, 2015
Vulnerability Reserved
Feb 17, 2015