CVE-2023-5822
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 22, 2023
Updated: Nov 29, 2023
CWE ID 434
Summary
CVE-2023-5822: This vulnerability affects the Contact Form 7 plugin for WordPress, specifically versions up to and including 1.3.7.3. The issue lies in the 'dnd_upload_cf7_upload' function, which lacks sufficient file type validation. Unauthenticated attackers can exploit this vulnerability by uploading arbitrary files, potentially leading to remote code execution. This can occur if a user with editor privileges or higher adds a 'multiple file upload' form field with '*' acceptable file types.
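The server-side check this class of bug calls for, as an added example: it is not the plugin's code, and the function name, the "|" delimiter for the accepted-types setting, the deny list and the fallback allow list are all assumptions made for illustration. It shows a filename check that refuses to let a '*' setting widen what the server accepts.

```php
<?php
// Added example: hypothetical helper, not the plugin's code.
// Extensions a typical PHP web server may execute or treat as configuration.
const DENY_EXT = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht',
                  'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp', 'htaccess', 'shtml'];
// Fallback used when the field's setting is empty or only a wildcard (assumed policy).
const DEFAULT_ALLOW = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// $configured is the field's accepted-types setting, e.g. "jpg|png" or "*";
// the "|" delimiter is an assumption made for this example.
function upload_name_allowed(string $filename, string $configured): bool
{
    // Refuse control characters (including NUL) before any path handling.
    if (preg_match('/[\x00-\x1f]/', $filename)) {
        return false;
    }
    $name = strtolower(basename(str_replace('\\', '/', $filename)));
    // Trailing dots and spaces are dropped by some filesystems, so ignore them.
    $segments = explode('.', rtrim($name, '. '));
    array_shift($segments);               // what remains are the extensions
    if (count($segments) === 0) {
        return false;                     // no extension to check
    }
    // Inspect every extension so "report.php.jpg" and ".htaccess" are caught.
    foreach ($segments as $ext) {
        if (in_array($ext, DENY_EXT, true)) {
            return false;
        }
    }
    // A wildcard never widens the server-side policy: drop it and fall back.
    $allowed = array_filter(
        array_map('trim', explode('|', strtolower($configured))),
        fn($t) => $t !== '' && $t !== '*'
    );
    if (count($allowed) === 0) {
        $allowed = DEFAULT_ALLOW;
    }
    return in_array(end($segments), $allowed, true);
}

// Constructed sample names, each checked against a wildcard and a narrow setting.
foreach (['photo.JPG', 'notes.pdf', 'page.php', 'report.php.jpg', '.htaccess', 'run.phtml.'] as $n) {
    printf("%-16s *=%s  jpg|png=%s\n", $n,
        var_export(upload_name_allowed($n, '*'), true),
        var_export(upload_name_allowed($n, 'jpg|png'), true));
}
```

A name check like this is one layer; inspecting file content and storing uploads where the web server will not execute them are separate controls.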