CVE-2008-0198

Name of the Vulnerable Software and Affected Versions WP-ContactForm plugin for WordPress versions 1.5 alpha and earlier

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to perform actions as administrators. The vulnerable parameters are wpcf question, wpcf success msg, and wpcf error msg in the wp-admin/admin.php endpoint.

Recommendations For WP-ContactForm plugin for WordPress versions 1.5 alpha and earlier, consider disabling the parameters wpcf question, wpcf success msg, and wpcf error msg in the wp-admin/admin.php endpoint as a temporary workaround until a patch is available. Restrict access to the wp-admin/admin.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.