PT-2024-30364 · WordPress · Advanced Contact Form 7 Db

1337_Wannabe

Published

2024-06-11

Updated

2024-06-11

CVE-2024-4319

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Advanced Contact form 7 DB plugin for WordPress versions up to, and including, 2.0.2

Description The issue allows unauthorized access to data due to a missing capability check on the vsz cf7 export to excel function. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.

Recommendations For versions up to, and including, 2.0.2, consider disabling the vsz cf7 export to excel function until a patch is available to prevent unauthorized access to form entry data.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2024-4319

Affected Products

Advanced Contact Form 7 Db

PT-2024-30364 · WordPress · Advanced Contact Form 7 Db

CVE-2024-4319

Weakness Enumeration

Related Identifiers

Affected Products

References · 5