CVE-2024-3870

Name of the Vulnerable Software and Affected Versions Contact Form 7 Database Addon – CFDB7 plugin for WordPress version 1.2.6.8 and earlier

Description The issue is related to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. This is due to insufficient protection of internal data via the cfdb7 before send mail function. The vulnerability can be exploited by remote attackers to gain unauthorized access to protected information.

Recommendations For versions up to and including 1.2.6.8, consider disabling the cfdb7 before send mail function as a temporary workaround until a patch is available. Restrict access to sensitive data and uploaded files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.