CVE-2021-24280 - OpenCVE

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Querysol	Redirection For Contact Form 7

Configuration 1 [-]

cpe:2.3:a:querysol:redirection_for_contact_form_7:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/db4ba6b0-887e-4ec1-8935-ab21d369b329	Exploit Vendor Advisory
https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-05-14T11:38:17

Updated: 2021-05-14T11:38:17

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24280

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-05-14T12:15:08.260

Modified: 2021-05-17T19:11:50.240

Link: CVE-2021-24280

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"containers": {"cna": {"affected": [{"product": "Redirection for Contact Form 7", "vendor": "Query Solutions", "versions": [{"lessThan": "2.3.4", "status": "affected", "version": "2.3.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chloe Chamberland"}], "descriptions": [{"lang": "en", "value": "In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-14T11:38:17", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/db4ba6b0-887e-4ec1-8935-ab21d369b329"}], "source": {"discovery": "UNKNOWN"}, "title": "Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24280", "STATE": "PUBLIC", "TITLE": "Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Redirection for Contact Form 7", "version": {"version_data": [{"version_affected": "<", "version_name": "2.3.4", "version_value": "2.3.4"}]}}]}, "vendor_name": "Query Solutions"}]}}, "credit": [{"lang": "eng", "value": "Chloe Chamberland"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/"}, {"name": "https://wpscan.com/vulnerability/db4ba6b0-887e-4ec1-8935-ab21d369b329", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/db4ba6b0-887e-4ec1-8935-ab21d369b329"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24280", "datePublished": "2021-05-14T11:38:17", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-05-14T11:38:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:querysol:redirection_for_contact_form_7:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F3E1A627-7160-4591-944C-5AEA2D9B3C58", "versionEndExcluding": "2.3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects."}, {"lang": "es", "value": "En el plugin de WordPress Redirection for Contact Form versiones 7 anteriores a 2.3.4, cualquier usuario autenticado, como un suscriptor, pod\u00eda usar la acci\u00f3n AJAX import_from_debug para inyectar objetos PHP"}], "id": "CVE-2021-24280", "lastModified": "2021-05-17T19:11:50.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-14T12:15:08.260", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://wpscan.com/vulnerability/db4ba6b0-887e-4ec1-8935-ab21d369b329"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "contact@wpscan.com", "type": "Secondary"}]}