{"vulnerability": "cve-2021-24565", "sightings": [{"uuid": "2c09f6eb-5986-47a1-ae12-79a54afd35da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24565", "type": "seen", "source": "https://t.me/cibsecurity/27695", "content": "\u203c CVE-2021-24565 \u203c\n\nThe Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them. Furthermore, the settings are not escaped when output in attributes, leading to a Stored Cross-Site Scripting issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:23:14.000000Z"}]}