CVE-2024-10898

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 21, 2024
Updated: Nov 26, 2024
CWE ID 98

Summary

CVE-2024-10898 is a vulnerability affecting the Contact Form 7 Email Add On plugin for WordPress. This issue, present in versions up to 1.9, allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP files through the cf7_email_add_on_add_admin_template() function. This Local File Inclusion (LFI) vulnerability poses a serious risk, enabling attackers to bypass access controls, obtain sensitive data, and execute malicious code, potentially leading to significant security implications for WordPress sites. Updating to the latest version of the plugin is strongly advised to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share