WordPress Contact Form DB Plugin <= 2.8.31 - CSRF
- Product
- Contact Form DB
- Description
- Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that delete all plugin records.
- Solution
- Upgrade the plugin.
- Classification
-
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF) - References
-
CVE Mitre
- CVE
- Name CVE-2015-1874
- Versions
-
Affected In
<= 2.8.31
Fixed In 2.8.32 - Disclosure date
- 2015-02-17
- Credits
- Tom Adams