WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF
Encrypted Contact Form
Encrypted Contact Form plugin is prone to a cross-site request forgery vulnerability via unsanitized "post" parameter. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session.
Update the plugin.
Type Cross Site Request Forgery (CSRF) OWASP Top 10 A8: Cross Site Request Forgery (CSRF)