CVE-2023-24405: WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)
First published: Mon Jul 10 2023(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WPPlugin PayPal & Stripe Add-On | <1.9.4 |
Remedy
Update to 1.9.4 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2023-24405.
What is the severity of CVE-2023-24405?
The severity of CVE-2023-24405 is high with a CVSS score of 8.8.
What is the affected software of CVE-2023-24405?
The affected software of CVE-2023-24405 is Scott Paterson Contact Form 7 - PayPal & Stripe Add-on plugin <= 1.9.3 versions.
What is the description of CVE-2023-24405?
CVE-2023-24405 is a Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 - PayPal & Stripe Add-on plugin <= 1.9.3 versions.
How can I fix CVE-2023-24405?
To fix CVE-2023-24405, update the Scott Paterson Contact Form 7 - PayPal & Stripe Add-on plugin to version 1.9.4 or higher.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/description
- agent/author
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-latest
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/wpplugin
- canonical/wpplugin paypal & stripe add-on