CVE-2024-11038

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 94

Summary

CVE-2024-11038 is a vulnerability affecting the CF7 Popup plugin for WordPress, specifically versions up to and including 1.7.5. The issue stems from a flaw in the wpb_pcf_fire_contact_form AJAX action, which allows unauthenticated attackers to execute arbitrary shortcodes due to insufficient validation before running do_shortcode. This vulnerability could potentially lead to code injection and serious security risks for WordPress sites using the WPB Popup plugin.
