CVE-2024-12267

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 31, 2025
CWE ID 862
CWE ID 73

Summary

CVE-2024-12267: Unauthenticated attackers can exploit a vulnerability in the Contact Form 7 plugin's dnd_codedropz_upload_delete() function in all versions up to 1.3.8.5 for WordPress. This issue results in limited arbitrary file deletion, allowing deletion of certain files on the server but not critical ones like wp-config.php, thus preventing complete system compromise.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share