1 results (0.001 seconds)
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24689 – Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read
https://notcve.org/view.php?id=CVE-2021-24689
The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack El plugin Contact Forms - Drag & Drop Contact Form Builder de WordPress versiones hasta 1.0.5, permite a usuarios con altos privilegios descargar archivos arbitrarios del servidor web por medio de un ataque de salto de ruta. • https://wpscan.com/vulnerability/31824250-e0d4-4285-97fa-9880b363e075 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •