Cross-Site Request Forgery Vulnerability in Contact Form DB Plugin for WordPress
CVE-2015-1874

Currently unrated

Key Information:

Vendor: Wordpress
Status: Contact Form Db
Vendor: CVE Published:; 9 March 2015

What is CVE-2015-1874?

A cross-site request forgery (CSRF) vulnerability exists in the Contact Form DB plugin for WordPress, which allows remote attackers to hijack administrator authentication. This manipulation can lead to unauthorized requests that delete all records stored by the plugin. The vulnerability impacts versions prior to 2.8.32 and poses a significant risk if exploited, making it crucial for users to update their installations to protect against potential data loss.

References

http://www.securityfocus.com/bid/72964

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/130654/WordPress-Con...

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Mar/21

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2015
Vulnerability Reserved
Feb 17, 2015

Wordpress

What is CVE-2015-1874?

References

Timeline