{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2023-37982",
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "state": "PUBLISHED",
        "assignerShortName": "Patchstack",
        "dateReserved": "2023-07-11T11:35:05.915Z",
        "datePublished": "2023-12-19T20:07:31.264Z",
        "dateUpdated": "2024-08-02T17:23:27.772Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "collectionURL": "https://wordpress.org/plugins",
                    "defaultStatus": "unaffected",
                    "packageName": "cf7-salesforce",
                    "product": "Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms",
                    "vendor": "CRM Perks",
                    "versions": [
                        {
                            "changes": [
                                {
                                    "at": "1.3.4",
                                    "status": "unaffected"
                                }
                            ],
                            "lessThanOrEqual": "1.3.3",
                            "status": "affected",
                            "version": "n/a",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "type": "finder",
                    "user": "00000000-0000-4000-9000-000000000000",
                    "value": "Le Ngoc Anh (Patchstack Alliance)"
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.<p>This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.</p>"
                        }
                    ],
                    "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3.\n\n"
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "NONE",
                        "baseScore": 4.7,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "LOW",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "NONE",
                        "scope": "CHANGED",
                        "userInteraction": "REQUIRED",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-601",
                            "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
                "shortName": "Patchstack",
                "dateUpdated": "2023-12-19T20:07:31.264Z"
            },
            "references": [
                {
                    "tags": [
                        "vdb-entry"
                    ],
                    "url": "https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "Update to&nbsp;1.3.4 or a higher version."
                        }
                    ],
                    "value": "Update to 1.3.4 or a higher version."
                }
            ],
            "source": {
                "discovery": "EXTERNAL"
            },
            "title": "WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection",
            "x_generator": {
                "engine": "Vulnogram 0.1.0-dev"
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T17:23:27.772Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "tags": [
                            "vdb-entry",
                            "x_transferred"
                        ],
                        "url": "https://patchstack.com/database/vulnerability/cf7-salesforce/wordpress-integration-for-contact-form-7-and-salesforce-plugin-1-3-3-open-redirection-vulnerability?_s_id=cve"
                    }
                ]
            }
        ]
    }
}