Description
WordPress Plugin Contact Form 7 is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently predict next values of the content of CAPTCHA. WordPress Plugin Contact Form 7 version 4.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.1.1 or latest
References
Related Vulnerabilities
phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)
WordPress Plugin The Sorter SQL Injection (1.0)
MySQL CVE-2018-2576 Vulnerability (CVE-2018-2576)
Apache HTTP Server CVE-2013-2249 Vulnerability (CVE-2013-2249)
Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2019-18801)