What the vulnerability does
01Description
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
Explanation of Vulnerability in Simple Terms
The Integration for Contact Form 7 and Constant Contact plugin contains a deserialization vulnerability in versions up to 1.1.6. An attacker can send a specially crafted request over the network to deserialize untrusted data, leading to remote code execution on the site. No authentication or user interaction is required to exploit this flaw.
What an attacker can do
Run arbitrary code on the site and take full control of it.
Potential impact on your site
Complete site compromise: attacker can steal data, modify content, install malware, or delete everything.
Conditions required to exploit
Network access only; no authentication or user interaction needed.
Key dates
External resources
Related vulnerabilities