CVE-2024-3717 · CVEKit

cve.orgen

361 chars

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.

NVDen

361 chars

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.

NVDes

409 chars

El complemento Drag and Drop Multiple File Upload – Contact Form 7 para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.3.7.7 incluida a través del directorio '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files'. Esto hace posible que atacantes no autenticados extraigan datos confidenciales cargados a través de este complemento a través de un formulario.

CVSS metrics across sources

4

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N