CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-20979

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile40.19th
Published2019年8月22日
Last Modified2024年11月21日

Vulnerability Description

The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.

Affected Platforms (CPE)

📦
Rocklobster

Contact Form 7

< 5.0.4

References & Advisories

🔗 https://wordpress.org/plugins/contact-form-7/#developers
🔗 https://wordpress.org/plugins/contact-form-7/#developers

相關漏洞威脅

CVE-2020-3548910.0

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code executio...

CVE-2020-128009.8

The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remo...

CVE-2019-170729.8

The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via...

CVE-2020-103749.8

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via...