Vulnerabilities > Querysol > Redirection FOR Contact Form 7 > High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-14	CVE-2021-24278	Unspecified vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. network low complexity querysol	7.5
2021-05-14	CVE-2021-24280	Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. network low complexity querysol CWE-502	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.