The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any authenticated users, which could allow users with a role as low as subscriber to call them. The delete_cf7_data would lead to arbitrary metadata deletion, as well as PHP Object Injection if a suitable gadget chain is present in another plugin, as user data is passed to the maybe_unserialize() function without being first validated.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/adc5dd9b-0781-4cea-8cc5-2c10ac35b968 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-12-13T10:40:54
Updated: 2021-12-13T10:40:54
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24790
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-13T11:15:08.593
Modified: 2022-10-24T16:35:12.407
Link: CVE-2021-24790
JSON object: View
Redhat Information
No data.