WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability
CVE-2023-39920
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 13 December 2024
What is CVE-2023-39920?
The Themeisle Redirection for Contact Form 7 plugin harbors a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control settings. This flaw can impact versions of the plugin from n/a to 2.9.2, enabling malicious actors to bypass intended restrictions and gain unauthorized access to resources or sensitive data. Proper configuration and updates are crucial to mitigate potential exploitation.
Affected Version(s)
Redirection for Contact Form 7 <= 2.9.2