CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-1779

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.5%

CVSS Severity

CVSS v3 Score 5.3

References

https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213
https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve
https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213
https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve

Products affected by CVE-2024-1779

Zestard » Admin Side Data Storage For Contact Form 7 » Version: 1.0.0

cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:1.0.0
Zestard » Admin Side Data Storage For Contact Form 7 » Version: 1.1.0

cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:1.1.0
Zestard » Admin Side Data Storage For Contact Form 7 » Version: 1.1.1

cpe:2.3:a:zestard:admin_side_data_storage_for_contact_form_7:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1779

Products

Pricing

Contact Us