First published: Tue Jul 30 2024
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have a CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress Ajax Contact Form | <=2.2.2 | |
CVE-2024-5808 has a medium severity rating due to its potential for CSRF attacks.
To fix CVE-2024-5808, update the WP Ajax Contact Form plugin to version 2.2.3 or later.
CVE-2024-5808 arises from a lack of CSRF checks when deleting emails from the email list in the WP Ajax Contact Form plugin.
Users of the WP Ajax Contact Form WordPress plugin version 2.2.2 and earlier are affected by CVE-2024-5808.
CVE-2024-5808 can allow attackers to perform unauthorized email deletions via CSRF attacks on logged-in admin users.
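The missing check described above, shown as an added example of the general pattern and its fix in a WordPress admin handler. This is not code from the WP Ajax Contact Form plugin: the action name, table name and function names are hypothetical, and it runs only inside a WordPress installation.

```php
<?php
// Added illustration; hypothetical plugin code, not taken from WP Ajax Contact Form.
// Assumed names: action "example_delete_email", table "{prefix}example_emails".

// BEFORE: capability check only. The admin's browser attaches the session
// cookie to any request for this URL, including one triggered by a third-party
// page, so current_user_can() passes and the row is deleted.
function example_delete_email_unsafe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    global $wpdb;
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    $wpdb->delete( $wpdb->prefix . 'example_emails', array( 'id' => $id ), array( '%d' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-emails' ) );
    exit;
}

// AFTER: same handler, plus a nonce bound to the user, the action and the row id.
function example_delete_email() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;

    // Stops the request unless _wpnonce was issued for this exact action string.
    check_admin_referer( 'example_delete_email_' . $id );

    global $wpdb;
    $wpdb->delete( $wpdb->prefix . 'example_emails', array( 'id' => $id ), array( '%d' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-emails' ) );
    exit;
}
// Only the hardened handler is registered.
add_action( 'admin_post_example_delete_email', 'example_delete_email' );

// Builds the "delete" link for the admin list table, with the matching nonce.
function example_delete_email_url( $id ) {
    $id  = absint( $id );
    $url = add_query_arg(
        array( 'action' => 'example_delete_email', 'id' => $id ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_delete_email_' . $id );
}
```

When reviewing a plugin for this class of bug, look for handlers that change or delete data and call `current_user_can()` without a matching `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()`.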