ThreatPress

WordPress Vulnerabilities Database

WordPress Contact Form Generator Plugin <= 2.0.1 - Multiple CSRF Vulnerabilities

Product
Contact Form Generator
Description
These vulnerabilities allow an attacker to create a form field and inject HTML or JavaScript code without any permission. An attacker can also upload a form field by injecting HTML or JavaScript code. The same applies to template creation and update.
Solution
Upgrade the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Exploit-DB
CVE
Name CVE-2015-6965
Versions
Affected In <= 2.0.1
Fixed In 2.0.2
Disclosure date
2015-09-06
Credits
i0akiN SEC-LABORATORY