Lucene search

WordfenceVULNRICHMENT:CVE-2024-3723

HistoryJun 11, 2024 - 5:33 a.m.

CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

2024-06-1105:33:40

Wordfence

github.com

wordpress plugin vulnerability sensitive information exposure unauthenticated attackers.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:vsourz:advanced_cf7_db:-:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "vsourz",
    "product": "advanced_cf7_db",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.0.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wordpress.org/plugins/advanced-cf7-db/#developers

www.wordfence.com/threat-intel/vulnerabilities/id/c9a1f1a1-4f0a-48b5-80c8-525b69006863?source=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-3723