CVE-2014-2265

Published Mar 14, 2014

Last updated 3 months ago

CVSS info 5.0

Overview

Description: Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9A9CC60-517D-4B9D-B7C8-D9C8D9F91B9B",
            "versionEndIncluding": "3.7.1"
          },
          {
            "criteria": "cpe:2.3:a:rocklobster:contact_form_7:3.6:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "289007CB-5048-4D41-B4EA-83D387E4A1F0"
          },
          {
            "criteria": "cpe:2.3:a:rocklobster:contact_form_7:3.7:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E228312C-BD7F-43D1-BC24-CA04AEF4B013"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References