VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 3 known issues Latest disclosed Jan 20, 2021

123ContactForm for WordPress Vulnerabilities

Review known vulnerability records for the WordPress plugin 123ContactForm for WordPress (`123contactform-for-wordpress`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
3
High or Critical
3
Linked CVEs
0
Last Updated
Jan 22, 2024
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for 123ContactForm for WordPress so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
3 records include a published patch path.
Severity Mix
2 critical and 1 high severity finding.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for 123ContactForm for WordPress

Sorted by latest disclosure date so newly published issues surface first.

Plugin Critical Patched: No
123ContactForm for WordPress <= 1.5.6 - Arbitrary File Upload

The 123ContactForm for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cfp_upload_image function in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to upload arbitrary fil...

Published
Jan 20, 2021
Patched Release
Not published
Affected Versions
Versions up to 1.5.6
Next Step
Open the full report for remediation notes and references.
Open Full Report
Plugin High Patched: No
123ContactForm for WordPress <= 1.5.6 - Arbitrary Post Creation

The 123ContactForm for WordPress plugin for WordPress is vulnerable to Arbitrary Post Creation in versions up to, and including, 1.5.6. This is due to incorrect signature validation on the cfp_new_post function. This makes it possible for unauthenticated attackers to create arbit...

Published
Jan 20, 2021
Patched Release
Not published
Affected Versions
Versions up to 1.5.6
Next Step
Open the full report for remediation notes and references.
Open Full Report
Plugin Critical Patched: No
123ContactForm for WordPress <= 1.5.6 - Validation Bypass via Plugin Verification

The 123ContactForm plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cfp_connect() function in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to trigger validation and inject their own p...

Published
Jan 19, 2021
Patched Release
Not published
Affected Versions
Versions up to 1.5.6
Next Step
Open the full report for remediation notes and references.
Open Full Report