WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability
CVE-2023-39920

7.5HIGH

Key Information:

Vendor: WordPress
Status: Redirection For Contact Form 7
Vendor: CVE Published:; 13 December 2024

What is CVE-2023-39920?

The Themeisle Redirection for Contact Form 7 plugin harbors a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control settings. This flaw can impact versions of the plugin from n/a to 2.9.2, enabling malicious actors to bypass intended restrictions and gain unauthorized access to resources or sensitive data. Proper configuration and updates are crucial to mitigate potential exploitation.

Affected Version(s)

Redirection for Contact Form 7 <= 2.9.2

References

https://patchstack.com/database/wordpress/plugin/wpcf7-re...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Aug 7, 2023

Credit

Nguyen Anh Tien (Patchstack Alliance)