CVE-2024-52447 – WordPress Contact Page With Google Map plugin <= 1.6.1 - Arbitrary File Deletion vulnerability

https://notcve.org/view.php?id=CVE-2024-52447

Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through 1.6.1. Path Traversal: la vulnerabilidad '.../...//' en Corporate Zen Contact Page With Google Map permite el Path Traversal. Este problema afecta a la página de contacto con Google Map: desde n/a hasta 1.6.1. The Contact Page With Google Map plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/contact-page-with-google-map/wordpress-contact-page-with-google-map-plugin-1-6-1-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-35: Path Traversal: '.../...//' CWE-862: Missing Authorization •