An unauthenticated user can inject a malicious script into the footer of your website. The attack vector is the redirection setting of the plugin: the plugin's settings can be changed by an unauthenticated user, so an attacker can change the setting and inject a malicious script into the footer HTML. If you are using a Contact Form 7 plugin, you should update to the latest version of the plugin. The Contact Form 7 plugin is updated regularly.

How to stay safe from Contact Form 7 Unauthenticated User Injection?

There is no way to protect yourself from the attack vector of the Contact Form 7 unauthenticated user injection. However, you can take preventative measures to protect your website.
If you have a WordPress website, it is recommended to use a CDN (Content Delivery Network) and to consider using a firewall. A CDN and a firewall act as barriers between your public-facing website and internet-facing resources that may be infected with malware. You should also consider using SSL certificates on your public-facing website.

Timeline

Published on: 10/11/2022 18:15:00 UTC
Last modified on: 10/13/2022 17:09:00 UTC
