WordPress Plugin Vulnerabilities

Advanced Contact form 7 DB < 2.0.3 - Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.

Affects Plugins

Plugin icon
advanced-cf7-db
Fixed in 2.0.3

References

CVE
CVE-2024-3723
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9a1f1a1-4f0a-48b5-80c8-525b69006863

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Tim Coen
Verified
No
WPVDB ID
8a3dd93d-abaf-47f3-bc52-0c1d07213de0

Timeline

Publicly Published
2024-06-10 (about 1 year ago)
Added
2024-06-11 (about 1 year ago)
Last Updated
2025-02-07 (about 1 year ago)

Other

Published
Title
Published
2023-06-08
Title
Metform Elementor Contact Form Builder < 3.3.2 - Multiple Subscriber+ Sensitive Information Disclosure Issues
Published
2025-08-11
Title
WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure
Published
2022-03-22
Title
Ninja Forms < 3.6.8-wp - Unauthenticated Email Address Disclosure
Published
2025-02-23
Title
System Dashboard < 2.8.19 - Authenticated (Subscriber+) Sensitive Information Exposure
Published
2024-09-05
Title
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Sensitive Information Exposure via Log Files