← back
CVE-2024-5808

WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF

CVSS 4.3 MEDIUMEPSS 0.2%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N