CVE-2021-24689

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
28/02/2022
Last modified:
07/03/2022

Description

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:wpeverest:contact_form:*:*:*:*:*:wordpress:*:* 1.0.5 (including)