CVSS Score of 10 (low)


Published Jul 1, 2023
Updated: Nov 7, 2023
CWE ID 352


CVE-2021-4390, a vulnerability in the Contact Form 7 Style plugin for WordPress, allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF) up to version 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. By tricking a site administrator into clicking on a link, attackers can forge requests and gain unauthorized access to quick edit templates. The vulnerability affects various products and can be remediated by updating to a version beyond 3.2. The potential danger posed to organizations is significant, with a risk score of 10 out of 10.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2021-4390 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options