The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213 - Issue Tracking | |
References | () https://plugins.trac.wordpress.org/changeset/3028640/contact-form-entries#file1 - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve - Patch, Third Party Advisory |
06 Feb 2024, 20:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213 - Issue Tracking | |
References | () https://plugins.trac.wordpress.org/changeset/3028640/contact-form-entries#file1 - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve - Patch, Third Party Advisory | |
First Time |
Crmperks database For Contact Form 7\, Wpforms\, Elementor Forms
Crmperks |
|
CPE | cpe:2.3:a:crmperks:database_for_contact_form_7\,_wpforms\,_elementor_forms:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-434 |
31 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 03:15
Updated : 2024-11-21 08:49
NVD link : CVE-2024-1069
Mitre link : CVE-2024-1069
CVE.ORG link : CVE-2024-1069
JSON object : View
Products Affected
crmperks
- database_for_contact_form_7\,_wpforms\,_elementor_forms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type