CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2014-2265 — MEDIUM severity vulnerability | Release Alert
CVE-2014-2265
5
MEDIUMCVSS v2
Published
March 14, 2014
Affected
4 projects
Assigned by
MITRE
Severity scale
010
Description
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
WordPress Plugin Directory<p>Contact Form 7 is a plugin designed to be a practical tool for all WordPress users who embrace the philosophy of free and open source software. It employs sophisticatedly modularized architecture and its original <a href="https://contactform7.com/schema-woven-validation/" rel="nofollow ugc">Schema-Woven Validation</a> technology.</p>
<h4>Docs and support</h4>
<p>You can find <a href="https://contactform7.com/docs/" rel="nofollow ugc">docs</a>, <a href="https://contactform7.com/faq/" rel="nofollow ugc">FAQ</a> and more detailed information about Contact Form 7 on <a href="https://contactform7.com/" rel="nofollow ugc">contactform7.com</a>. When you cannot find the answer to your question on the FAQ or in any of the documentation, check the <a href="https://wordpress.org/support/plugin/contact-form-7/" rel="ugc">support forum</a> on WordPress.org. If you cannot locate any topics that pertain to your particular issue, post a new topic for it.</p>
<h4>Contact Form 7 needs your support</h4>
<p>It is hard to continue to maintain this plugin without support from users like you. There are several ways for you to <a href="https://contactform7.com/contributing/" rel="nofollow ugc">contribute to the project</a>: testing, coding, translating it into your local languages, helping other users, financial donations, etc, etc. We equally welcome you regardless of the way you contribute.</p>
<h4>Privacy notices</h4>
<p>With the default configuration, this plugin, in itself, does not:</p>
<ul>
<li>track users by stealth;</li>
<li>write any user personal data to the database;</li>
<li>send any data to external servers;</li>
<li>use cookies.</li>
</ul>
<p>If you activate certain features in this plugin, the contact form submitter’s personal data, including their IP address, may be sent to the service provider. Thus, confirming the provider’s privacy policy is recommended. These features include:</p>
<ul>
<li>reCAPTCHA (<a href="https://policies.google.com/?hl=en" rel="nofollow ugc">Google</a>)</li>
<li>Akismet (<a href="https://automattic.com/privacy/" rel="nofollow ugc">Automattic</a>)</li>
<li><a href="https://www.constantcontact.com/legal/privacy-center" rel="nofollow ugc">Constant Contact</a></li>
<li><a href="https://www.brevo.com/legal/privacypolicy/" rel="nofollow ugc">Brevo</a></li>
<li><a href="https://stripe.com/privacy" rel="nofollow ugc">Stripe</a></li>
<li>Turnstile (<a href="https://www.cloudflare.com/turnstile-privacy-policy/" rel="nofollow ugc">Cloudflare</a>)</li>
</ul>
GitHubWordPress, Git-ified. This repository is just a mirror of the WordPress subversion repository. Please do not send pull requests. Submit pull requests to https://github.com/WordPress/wordpress-develop and patches to https://core.trac.wordpress.org/ instead.
RubyGemsThe Wordpress gem provides posting to a Wordpress.com blog or a self hosted wordpress by providing your username, password, login url(if you host your blog) and your blog content. With this gem, you have access to add a text entry on Wordpress blog by providing these options: title text, body text, and a tag array. You must include at least title text or body text with your post.
Posting images with posts, posting only images and pulling down your posts will be available very soon.