关键信息 漏洞名称: WordPress Abandoned Contact Form 7 Plugin <= 2.0 is vulnerable to Broken Access Control 优先级: High priority 受影响版本: <= 2.0 修复状态: No official fix available 风险: CVE-2023-2822 - 描述: This vulnerability is highly dangerous and expected to become mass exploited. - 类型: Broken Access Control - 影响: A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action. 解决方案: - Automatically mitigate vulnerabilities and keep your websites safe - Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. 时间线: - Reported by Developer17 on 29 May 2023 - Early warning sent out to Patchstack customers on 29 Jun 2023 - Published by Patchstack on 29 Jun 2023