Vulnerability Details : CVE-2014-2265
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
Exploit prediction scoring system (EPSS) score for CVE-2014-2265
Probability of exploitation activity in the next 30 days: 0.42%
Percentile, the proportion of vulnerabilities that are scored at or less: ~72%
CVSS scores for CVE-2014-2265
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2014-2265
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2265
- http://contactform7.com/2014/02/26/contact-form-7-372/
  Contact Form 7 3.7.2 | Contact Form 7 (Patch; Vendor Advisory)
- https://www.cvedetails.com/cve/CVE-2014-2265/
  CVE-2014-2265 : Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit a
- http://wordpress.org/plugins/contact-form-7/changelog
  Contact Form 7 – WordPress plugin | WordPress.org
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-contact-form-7-security-bypass-3-7-1/
  WordPress Plugin Contact Form 7 Security Bypass (3.7.1) - Vulnerabilities - Acunetix
- http://web.archive.org/web/20140727133642/http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/
  ContactForm7 vulnerability - Hedgehog Security
Products affected by CVE-2014-2265
- cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:rocklobster:contact_form_7:3.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:rocklobster:contact_form_7:3.7:*:*:*:*:wordpress:*:*