2 matches found
CVE-2023-6449
The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7antiscriptfilename' function in versions up to, and including, 5.8.3. This makes it possible for...
WordPress Contact Form 7 Plugin <= 5.8.3 is vulnerable to Arbitrary File Upload
Software Contact Form 7 Type Plugin Vulnerable versions = 5.8.3 Fixed in 5.8.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6449 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 21a488c2a64b Credits István Márton Required privilege Editor...