CVE-2021-24278 - OpenCVE

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Querysol	Redirection For Contact Form 7

Configuration 1 [-]

cpe:2.3:a:querysol:redirection_for_contact_form_7:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413
https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-05-14T11:38:17

Updated: 2024-08-03T19:28:23.300Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24278

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-14T12:15:08.197

Modified: 2021-05-17T19:17:12.053

Link: CVE-2021-24278

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Redirection for Contact Form 7", "vendor": "Query Solutions", "versions": [{"lessThan": "2.3.4", "status": "affected", "version": "2.3.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chloe Chamberland"}], "descriptions": [{"lang": "en", "value": "In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-14T11:38:17", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413"}, {"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/"}], "source": {"discovery": "UNKNOWN"}, "title": "Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24278", "STATE": "PUBLIC", "TITLE": "Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Redirection for Contact Form 7", "version": {"version_data": [{"version_affected": "<", "version_name": "2.3.4", "version_value": "2.3.4"}]}}]}, "vendor_name": "Query Solutions"}]}}, "credit": [{"lang": "eng", "value": "Chloe Chamberland"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413"}, {"name": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:23.300Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24278", "datePublished": "2021-05-14T11:38:17", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:28:23.300Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:querysol:redirection_for_contact_form_7:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F3E1A627-7160-4591-944C-5AEA2D9B3C58", "versionEndExcluding": "2.3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function."}, {"lang": "es", "value": "En el plugin de WordPress Redirection for Contact Form versiones 7 anteriores a 2.3.4, los usuarios no autenticados pueden usar la acci\u00f3n AJAX wpcf7r_get_nonce para recuperar un nonce v\u00e1lido para cualquier acci\u00f3n o funci\u00f3n de WordPress"}], "id": "CVE-2021-24278", "lastModified": "2021-05-17T19:17:12.053", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-14T12:15:08.197", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "contact@wpscan.com", "type": "Primary"}]}