cleantalk
Vulnerabilities and Security Researches

Custom Skins Contact Form 7, CVE-2024-12341

CVE, Research URL

CVE-2024-12341

Home page URL

Security reports for Custom Skins Contact Form 7

Application

Custom Skins Contact Form 7

Published on
Dec 12, 2024
Research Description
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins.
Affected versions
Min -, max 1.0.
Status
vulnerable
Previous vulnerability researches
Custom Skins Contact Form 7 (CVE-2024-12341) , Dec 13, 2024
New vulnerability
SecuPress Free — WordPress Security (CVE-2025-3452) , Apr 30, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-2893) , Apr 30, 2025
My Tickets (CVE-2025-3761) , Apr 29, 2025
Mang Board WP (CVE-2025-3435) , Apr 29, 2025
Church Admin (CVE-2025-39553) , Apr 29, 2025