Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cfdbplugin | Contact Form Db | 2.8.31 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130654/WordPress-Contact-Form-DB-2.8.29-CroExploit
- http://seclists.org/fulldisclosure/2015/Mar/21Exploit
- http://www.securityfocus.com/bid/72964Third Party AdvisoryVDB Entry
- https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-dExploit
- https://wordpress.org/plugins/contact-form-7-to-database-extension/changelog/Patch
- http://packetstormsecurity.com/files/130654/WordPress-Contact-Form-DB-2.8.29-CroExploit
- http://seclists.org/fulldisclosure/2015/Mar/21Exploit
- http://www.securityfocus.com/bid/72964Third Party AdvisoryVDB Entry
- https://security.dxw.com/advisories/csrf-in-contact-form-db-allows-attacker-to-dExploit
- https://wordpress.org/plugins/contact-form-7-to-database-extension/changelog/Patch
FAQ
What is CVE-2015-1874?
CVE-2015-1874 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the auth...
How severe is CVE-2015-1874?
CVE-2015-1874 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1874?
Check the references section above for vendor advisories and patch information. Affected products include: Cfdbplugin Contact Form Db.