Privilege Escalation Vulnerability in Redirection for Contact Form 7
CVE-2023-23990

7.6HIGH

Key Information:

Vendor: WordPress
Status: Redirection For Contact Form 7
Vendor: CVE Published:; 17 May 2024

Summary

The vulnerability in the Redirection for Contact Form 7 plugin from Qube One Ltd. arises from improper privilege management. This flaw allows unauthorized users to escalate their privileges, potentially leading to unauthorized actions within the WordPress environment. Affected versions include all preceding version 2.7.0, posing a risk for web administrators and site integrity. It is crucial to apply the necessary patches to safeguard against possible exploitation.

Affected Version(s)

Redirection for Contact Form 7 <= 2.7.0

References

https://patchstack.com/database/vulnerability/wpcf7-redir...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jan 20, 2023

Credit

Rafie Muhammad (Patchstack)