PT-2022-9448 · WordPress · The Contact Forms - Drag & Drop Contact Form Builder

Davide Taraschi

Published

2022-02-28

Updated

2022-03-07

CVE-2021-24689

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin versions 1.0.0 through 1.0.5

Description The issue allows high privilege users to download arbitrary files from the web server via a path traversal attack.

Recommendations For The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin versions 1.0.0 through 1.0.5, update to a version later than 1.0.5 to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-24689

Affected Products

The Contact Forms - Drag & Drop Contact Form Builder

PT-2022-9448 · WordPress · The Contact Forms - Drag & Drop Contact Form Builder

CVE-2021-24689

Weakness Enumeration

Related Identifiers

Affected Products

References · 3