Vigil@nce - WordPress Contact Form 7: bypassing captcha-based access control
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can automatically guess the answer to a captcha from
WordPress Contact Form 7, in order to bypass access restrictions.
Impacted products: WordPress Plugins (list not comprehensive).
Severity: 1/4.
Creation date: 23/09/2015.
DESCRIPTION OF THE VULNERABILITY
The Contact Form 7 plugin can be installed on WordPress.
It implements an access control method based on captchas. However,
the result of the challenge is guessable.
An attacker can therefore automatically guess the answer to a
captcha from WordPress Contact Form 7, in order to bypass access
restrictions.