[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ff12b14s8frbDy5YNeVVVGbqlu2ooBjPj8xcKkAWofJk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-274e5568-b600-4085-8406-9f9d5d4fc35a-contact-form-plugin","contact-form-authorization-bypass","Contact Form \u003C= 3.82 - Authorization Bypass","The Contact Form plugin WordPress is vulnerable to authorization bypass in versions up to, and including, 3.82. This is due to missing capability checks and nonce validation on the add and remove language AJAX functions. This makes it possible for authenticated subscriber+ attackers to use the AJAX actions to manipulate the language of the vulnerable service and potentially inject malicious web scripts.","contact-form-plugin",null,"\u003C=3.82","3.83","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Missing Authorization","2015-01-22 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F274e5568-b600-4085-8406-9f9d5d4fc35a?source=api-prod",3288]