PT-2022-10604 · Accessibe+1 · Accessibe+2

John Castro

Published

2022-10-11

Updated

2022-10-13

CVE-2021-36913

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Qube One Redirection for Contact Form 7 plugin version 2.4.0 and earlier

Description The issue allows unauthenticated attackers to change options and inject scripts into the footer HTML, potentially leading to content injection. This requires an additional extension, AccessiBe.

Recommendations For Qube One Redirection for Contact Form 7 plugin version 2.4.0 and earlier, update to a version later than 2.4.0 to resolve the issue.

Fix

Special Elements Injection

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-284

Related Identifiers

CVE-2021-36913

Affected Products

Accessibe

Contact Form 7

Qube One Redirection For Contact Form 7

PT-2022-10604 · Accessibe+1 · Accessibe+2

CVE-2021-36913

Weakness Enumeration

Related Identifiers

Affected Products

References · 4