Vulnerability Details CVE-2021-24281
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.1%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- https://wpscan.com/vulnerability/daf12b85-f5ad-4261-ab39-be6840ad3cdc
- https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
- https://wpscan.com/vulnerability/daf12b85-f5ad-4261-ab39-be6840ad3cdc
- https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
Products affected by CVE-2021-24281
-
cpe:2.3:a:querysol:redirection_for_contact_form_7:*