Vulnerabilities > Zestard > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-23 CVE-2024-1777 Cross-Site Request Forgery (CSRF) vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1.
network
low complexity
zestard CWE-352
4.3
4.3
2024-02-23 CVE-2024-1778 Missing Authorization vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1.
network
low complexity
zestard CWE-862
5.3
5.3
2023-06-15 CVE-2023-24420 Unspecified vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1
Unauth.
network
low complexity
zestard
6.1
6.1