Contact Form 7 Vulnerability

This Contact Form 7 vulnerability write-up was published by our penetration tester, Hannah Sharp, in February 2014. The Rock Lobster Contact Form 7 WordPress plugin, prior to version 3.7.2, allowed remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter. In other words, the CAPTCHA was only enforced when the challenge parameter was present in the request; a submission that left it out was accepted unchecked.
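The following is an added, simplified model of the bug class described above (a fail-open CAPTCHA check) beside its fail-closed counterpart, written for this page; it is not the Contact Form 7 plugin's source. The field names mirror the advisory's _wpcf7_captcha_challenge_captcha-719 parameter and its answer field; the server-side answer store, the helper names and the sample POST bodies are constructed assumptions so that the example runs offline.

```python
"""
Fail-open versus fail-closed CAPTCHA validation of a form POST.

Hypothetical, simplified code written for this page. It is NOT the
Contact Form 7 plugin's code; it models the pattern in which a check
is only performed when the client chooses to send the parameter.
"""
import hmac

# Field names taken from the advisory; the answer field name is an assumption.
CHALLENGE_FIELD = "_wpcf7_captcha_challenge_captcha-719"
ANSWER_FIELD = "captcha-719"

# Constructed server-side state: challenge id embedded in the form -> expected answer.
STORED_ANSWERS = {"4b8f2c1e": "xk7p"}


def captcha_ok_fail_open(post: dict) -> bool:
    """Vulnerable pattern: validate only when the challenge parameter is
    present. A client that omits the parameter never reaches the check."""
    if CHALLENGE_FIELD in post:
        expected = STORED_ANSWERS.get(post[CHALLENGE_FIELD])
        return expected is not None and hmac.compare_digest(
            expected, post.get(ANSWER_FIELD, "")
        )
    return True  # missing challenge => no check performed (the bug)


def captcha_ok_fail_closed(post: dict) -> bool:
    """Hardened pattern: a CAPTCHA-protected form has no valid submission
    without both a known challenge id and an answer, so a missing or
    unknown challenge is a failure rather than a skipped check."""
    challenge = post.get(CHALLENGE_FIELD)
    answer = post.get(ANSWER_FIELD)
    if not challenge or not answer:
        return False
    expected = STORED_ANSWERS.get(challenge)
    if expected is None:
        return False
    return hmac.compare_digest(expected, answer)


def legitimate_submission() -> dict:
    """Constructed POST body of a user who solved the CAPTCHA."""
    return {
        "your-name": "Alice",
        "your-message": "Hello",
        CHALLENGE_FIELD: "4b8f2c1e",
        ANSWER_FIELD: "xk7p",
    }


def wrong_answer_submission() -> dict:
    """Constructed POST body with the challenge present but answered wrongly."""
    body = legitimate_submission()
    body[ANSWER_FIELD] = "zzzz"
    return body


def bypass_submission() -> dict:
    """Constructed POST body with the challenge parameter omitted, which
    is the only change the advisory describes."""
    body = legitimate_submission()
    del body[CHALLENGE_FIELD]
    del body[ANSWER_FIELD]
    return body


def check_bypass(validator) -> bool:
    """Pentest-style check: does the validator accept a submission that
    omits the challenge parameter? True means the form is bypassable."""
    return validator(bypass_submission())


if __name__ == "__main__":
    for name, v in (("fail-open", captcha_ok_fail_open),
                    ("fail-closed", captcha_ok_fail_closed)):
        print(f"{name}: legit={v(legitimate_submission())} "
              f"wrong-answer={v(wrong_answer_submission())} "
              f"omitted-parameter bypass={check_bypass(v)}")
```

The point of the comparison is that both validators reject a wrong answer; they differ only on what happens when the parameter is absent, which is exactly the case a tester exercises by deleting the field from an intercepted request.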

The vulnerability was discovered by Hannah Sharp during a routine penetration test of our own website, following deployment of the latest plugin updates. Rock Lobster was contacted immediately and was very quick to turn around a fix and release the update. The vulnerability was published as CVE-2014-2265.

Author: Hannah Sharp
Affected: Contact Form 7 WordPress plugin, versions prior to 3.7.2
Issue: It is possible to bypass the CAPTCHA challenge by omitting the _wpcf7_captcha_challenge_captcha-719 value
Risk: Without anti-robot protection, the form can be misused by spammers
CVE: CVE-2014-2265
CVSS (v2): 5.0
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
Access Complexity: Low
Authentication: Not Required
Access Gained: None
Vulnerability Type: Bypass a restriction
CWE: 264 (Permissions, Privileges, and Access Controls)
