CVE-2024-10084
Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers with Contributor-level access and above to extract the titles and text contents of private and password-protected posts they do not own.
SSVC
- Decision: Track
Timeline
- 2024-10-17 CVE Reserved
- 2024-11-05 CVE Published
- 2024-11-05 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Sevenspark | Contact Form 7 – Dynamic Text Extension | <= 4.5 | en | Affected