Lucene search

[email protected]CVE-2024-3723

HistoryJun 11, 2024 - 6:15 a.m.

CVE-2024-3723

2024-06-1106:15:10

[email protected]

web.nvd.nist.gov

wordpress

sensitive information exposure

advanced contact form 7 db

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.

Affected configurations

Vulners

Node

vsourz1tdadvanced_contact_form_7_dbRange≤2.0.2

CNA Affected

[
  {
    "vendor": "vsourz1td",
    "product": "Advanced Contact form 7 DB",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.0.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wordpress.org/plugins/advanced-cf7-db/#developers

www.wordfence.com/threat-intel/vulnerabilities/id/c9a1f1a1-4f0a-48b5-80c8-525b69006863?source=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2024-3723

nvd1 wpvulndb1 cvelist1 wordfence1