CVSS3: 9.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score: 9.3 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 55.5%)

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via a path traversal attack.

Vendor | Product | Version | CPE |
---|---|---|---|
images_optimize_and_upload_cf7_project | images_optimize_and_upload_cf7 | * | cpe:2.3:a:images_optimize_and_upload_cf7_project:images_optimize_and_upload_cf7:*:*:*:*:*:*:*:* |

[
  {
    "vendor": "Unknown",
    "product": "Images Optimize and Upload CF7",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "2.1.4"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]