Vulnerability Description
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/contact-form-cfdb7/trunk/contact-form
- https://plugins.trac.wordpress.org/changeset/3077090/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/995a6c1d-fb49-4953-982
- https://plugins.trac.wordpress.org/browser/contact-form-cfdb7/trunk/contact-form
- https://plugins.trac.wordpress.org/changeset/3077090/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/995a6c1d-fb49-4953-982
FAQ
What is CVE-2024-3870?
CVE-2024-3870 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This c...
How severe is CVE-2024-3870?
CVE-2024-3870 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-3870?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.