Lucene search

WpvulndbWPVDB-ID:4593D175-086D-474B-A0CC-81F21179E5E0

HistoryJun 10, 2024 - 12:00 a.m.

Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

2024-06-1000:00:00

wpscan.com

wordpress

contact form 7

unauthorized access

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

JSON

Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘vsz_cf7_export_to_excel’ function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.

References

www.wordfence.com/threat-intel/vulnerabilities/id/2c66b185-fd4b-452d-890b-0f1850d8a7be

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

High

JSON

Related for WPVDB-ID:4593D175-086D-474B-A0CC-81F21179E5E0