2 matches found
WordPress PDF Builder for WPForms Plugin <= 1.2.116 is vulnerable to Full Path Disclosure (FPD)
Software PDF Builder for WPForms Type Plugin Vulnerable versions = 1.2.116 Fixed in 1.2.117 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-7414 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c08822324936 Credits stealthcopt...
CVE-2024-7414 PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure
The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file which has displayerrors on. This makes it possible for unauthenticated attackers to...