Vulnerability in Rocklobster Contact_form_7

CVE-2014-2265

Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.

EPSS: 0.031 (85.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2014-2265?
CVE-2014-2265 is a vulnerability in Rocklobster Contact_form_7, classified under CWE-264. Published 2014-03-14.
Is CVE-2014-2265 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.