CVE Daily

CVE-2024-3717

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is ...

Medium CVSS 5.3

Overview

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.

CWE: N/A Published: 2024-05-02T17:15:29.987
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.3 (MEDIUM)
  • Detected tags: info_leak, wordpress (tag impact: LOW)

Recommended actions:

  • Reduce verbose errors, remove debug endpoints, minimize PII in logs.

Recommended tools

Tags