Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and previous versions plugin for WordPress allow remote malicious users to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wp-contactform project wp-contactform 1.5 |