A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the WordPress Contact Form With Captcha plugin. It allows an attacker to make a logged-in, higher-privileged user (typically an administrator) perform actions they did not intend, using that user's existing authenticated session.

This vulnerability was discovered and reported by LEE SE HYOUNG (hackintoanetwork).

The vulnerability is caused by a lack of CSRF protection in the plugin's code: an action handler accepts a state-changing request without verifying that the request came from a form the site itself served, which in WordPress is normally done with a nonce check (check_admin_referer(), check_ajax_referer() or wp_verify_nonce()). An attacker therefore crafts a page or link that issues that request to the victim's site; when a logged-in user opens it, the browser attaches the user's session cookies automatically and the action runs with that user's privileges. Site owners can get a rough sense of whether a handler is protected by searching a plugin's source for those nonce functions next to each add_action() handler and form; a handler that reads $_POST or $_GET and writes settings without such a check is the pattern to look for.
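To make the missing check concrete, here is an added example (not code from the Contact Form With Captcha plugin, and not the reported bug itself) showing a hypothetical WordPress admin-post handler written without CSRF protection beside the same handler hardened with a nonce and a capability check. The action name cfwc_demo_save, the option name cfwc_demo_settings and the page slug cfwc_demo are assumed for the illustration; the WordPress functions used (add_action, wp_nonce_field, check_admin_referer, current_user_can, update_option) are the real core API.

```php
<?php
/**
 * Added illustration only; this is not the plugin's code.
 * Hypothetical admin-post handlers showing the pattern behind a WordPress
 * CSRF bug and its fix. The names cfwc_demo_save, cfwc_demo_settings and
 * cfwc_demo are assumed for this example.
 */

// VULNERABLE PATTERN: the handler trusts any request that arrives while the
// victim's admin session cookie is attached. There is no nonce and no
// capability check, so a form on an attacker's page can trigger it.
add_action( 'admin_post_cfwc_demo_save_vulnerable', function () {
    update_option( 'cfwc_demo_settings', array(
        'recipient' => sanitize_email( $_POST['recipient'] ?? '' ),
    ) );
    wp_safe_redirect( admin_url( 'admin.php?page=cfwc_demo' ) );
    exit;
} );

// HARDENED PATTERN: the settings form embeds a nonce bound to the action
// name and the logged-in user, and the handler refuses to act unless that
// nonce verifies and the user actually holds the required capability.
function cfwc_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="cfwc_demo_save">
        <?php wp_nonce_field( 'cfwc_demo_save' ); // writes the _wpnonce field ?>
        <input type="email" name="recipient">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_cfwc_demo_save', function () {
    // check_admin_referer() runs wp_verify_nonce() on $_REQUEST['_wpnonce']
    // and dies with a 403 if the nonce is missing, expired, or was issued
    // for a different action or a different user.
    check_admin_referer( 'cfwc_demo_save' );

    // A valid nonce proves origin, not authorization: still check the role.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    update_option( 'cfwc_demo_settings', array(
        'recipient' => sanitize_email( $_POST['recipient'] ?? '' ),
    ) );
    wp_safe_redirect( admin_url( 'admin.php?page=cfwc_demo' ) );
    exit;
} );
```

check_admin_referer() looks for the _wpnonce field that wp_nonce_field() writes and stops with a 403 unless the nonce was generated for the same action, the same logged-in user and within the nonce lifetime (up to 24 hours by default, so WordPress nonces are a CSRF defence, not single-use tokens). The capability check is kept separate because a valid nonce only proves the request came from a form the site rendered, not that the user is allowed to change the setting.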

Severity:

The vulnerability has a CVSS 3.1 base score of 7.1, which falls in the High band (7.0 to 8.9). A CVSS base score describes the conditions for and consequences of a successful attack, not how likely exploitation is: a CSRF attack needs the victim to be logged in and to open attacker-controlled content, but once that happens the attacker can carry out the plugin's privileged actions as that user.

Affected Versions:

All versions of the WordPress Contact Form With Captcha plugin are affected by this vulnerability.

Impact:

The consequences of a Cross-Site Request Forgery (CSRF) vulnerability can be severe:

  • Unauthorized Actions: Attackers can force logged-in users, especially those with higher privileges such as administrators, to execute actions they did not intend to perform.
  • Data Manipulation: Forged requests can change plugin settings and site content, giving an attacker a foothold for further compromise.
  • User Safety: A successful attack can expose or alter data entrusted to the site, degrade the experience of its visitors and damage the site's reputation.

Recommendation:

There is currently no patched version of the WordPress Contact Form With Captcha plugin available. Until one is released, disable the plugin to remove the attack surface.

Given the seriousness of this issue, we strongly recommend the following steps:

  1. Temporary Deactivation: Since no patched version is available, deactivate the Contact Form With Captcha plugin; WordPress no longer loads a deactivated plugin's hooks, so a forged request has no handler to reach.
  2. Regular Security Audits: Audit your WordPress site routinely (installed plugins, their update status, and the accounts holding administrator rights) so that vulnerable components are found before they are exploited.
  3. User Awareness: Because CSRF needs a logged-in victim, tell administrators not to browse untrusted sites or open unsolicited links while signed in to wp-admin, and to log out when they are done.
  4. Alternative Solutions: Investigate alternative plugins for your contact form requirements while this issue remains unresolved.
