Lucene search

WordfenceVULNRICHMENT:CVE-2024-4319

HistoryJun 11, 2024 - 5:33 a.m.

CVE-2024-4319 Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

2024-06-1105:33:40

Wordfence

github.com

wordpress

contact form 7 db

unauthenticated access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘vsz_cf7_export_to_excel’ function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.

CNA Affected

[
  {
    "vendor": "vsourz1td",
    "product": "Advanced Contact form 7 DB",
    "versions": [
      {
        "status": "affected",
        "version": "*",
        "versionType": "semver",
        "lessThanOrEqual": "2.0.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/advanced-cf7-db/trunk/admin/class-advanced-cf7-db-admin.php#L1459

www.wordfence.com/threat-intel/vulnerabilities/id/2c66b185-fd4b-452d-890b-0f1850d8a7be?source=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for VULNRICHMENT:CVE-2024-4319