CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-1778

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.5%

CVSS Severity

CVSS v3 Score 4.3

References

https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L235
https://www.wordfence.com/threat-intel/vulnerabilities/id/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve
https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L235
https://www.wordfence.com/threat-intel/vulnerabilities/id/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve

Products affected by CVE-2024-1778

Zestard » Admin Side Data Storage For Contact Form 7 » Version: 1.0.0

cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:1.0.0
Zestard » Admin Side Data Storage For Contact Form 7 » Version: 1.1.0

cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:1.1.0
Zestard » Admin Side Data Storage For Contact Form 7 » Version: 1.1.1

cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1778

Products

Pricing

Contact Us