Advanced Contact form 7 DB, CVE-2024-3723

CVE, Research URL: CVE-2024-3723
Home page URL: Security reports for Advanced Contact form 7 DB
Application: Advanced Contact form 7 DB
Published on: Jun 11, 2024
Research Description: The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.
Affected versions: Min -, max 2.0.3.
Status: vulnerable