Vulnerability Description
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redirection-For-Contact-Form7 | Redirection For Contact Form 7 | < 2.6.0 |
Related Weaknesses (CWE)
References
- https://patchstack.com/database/vulnerability/wpcf7-redirect/wordpress-redirectiThird Party Advisory
- https://wordpress.org/plugins/wpcf7-redirect/#developersProductThird Party Advisory
- https://patchstack.com/database/vulnerability/wpcf7-redirect/wordpress-redirectiThird Party Advisory
- https://wordpress.org/plugins/wpcf7-redirect/#developersProductThird Party Advisory
FAQ
What is CVE-2021-36913?
CVE-2021-36913 is a vulnerability with a CVSS score of 7.5 (HIGH). Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into th...
How severe is CVE-2021-36913?
CVE-2021-36913 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36913?
Check the references section above for vendor advisories and patch information. Affected products include: Redirection-For-Contact-Form7 Redirection For Contact Form 7.