Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2015-1874
Last Modified 10 Mar 2015 01:20:47
Published 09 Mar 2015 12:59:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1874

Summary

Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php.

Vulnerable Systems

Application

  • Cfdbplugin Contact Form Db 2.8.31


References

CONFIRM - https://wordpress.org/plugins/contact-form-7-to-database-extension/changelog/

MISC - https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-delete-all-stored-form-submissions/

FULLDISC - 20150304 CSRF in Contact Form DB allows attacker to delete all stored form submissions (WordPress plugin)

MISC - http://packetstormsecurity.com/files/130654/WordPress-Contact-Form-DB-2.8.29-Cross-Site-Request-Forgery.html


Last Updated: 27 May 2016 11:08:00