CVE-2024-10898
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-10898 is a vulnerability affecting the Contact Form 7 Email Add On plugin for WordPress. This issue, present in versions up to 1.9, allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP files through the cf7_email_add_on_add_admin_template() function. This Local File Inclusion (LFI) vulnerability poses a serious risk, enabling attackers to bypass access controls, obtain sensitive data, and execute malicious code, potentially leading to significant security implications for WordPress sites. Updating to the latest version of the plugin is strongly advised to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.