Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS
Vulnerability Description
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress plugin Material Design for Contact Form安全漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Material Design for Contact Form 存在安全漏洞,该漏洞允许任何登录用户(角色低至订阅者)将任意选项设置为true,可能会通过破坏网站导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A