CVE-2021-4390

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Jul 1, 2023

Updated: Nov 7, 2023

Summary

CVE-2021-4390 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Contact Form 7 Style plugin for WordPress. Versions up to and including 3.2 are susceptible to this issue. The root cause is insufficient nonce validation on the manage_wp_posts_be_qe_save_post() function. Attackers can exploit this flaw by crafting malicious requests and tricking administrators into executing them, enabling unauthenticated users to modify templates through quick edit functionality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft Office

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/klXbI_
https://www.cve.org/CVERecord?id=CVE-2021-4390
https://nvd.nist.gov/vuln/detail/CVE-2021-4390

Back to Vulnerability Database