Contact Form With Captcha Project: >> Contact Form With Captcha >> 1.5.1 Security Vulnerabilities
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-11-29