CVE-2021-24689 Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read

2022-02-2809:06:04

CWE-22

WPScan

www.cve.org

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack

CNA Affected

[
  {
    "product": "Contact Forms – Drag & Drop Contact Form Builder",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.5",
        "status": "affected",
        "version": "1.0.5",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/31824250-e0d4-4285-97fa-9880b363e075