CVE-2021-24689

Summary

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack

Affected Software

VendorProductVersion RangeStatus
UnknownContact Forms – Drag & Drop Contact Form Builder1.0.5 <= 1.0.5affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References