CVE-2024-12267
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jan 31, 2025
CWE ID 862
CWE ID 73
Summary
CVE-2024-12267: Unauthenticated attackers can exploit a vulnerability in the Contact Form 7 plugin's dnd_codedropz_upload_delete() function in all versions up to 1.3.8.5 for WordPress. This issue results in limited arbitrary file deletion, allowing deletion of certain files on the server but not critical ones like wp-config.php, thus preventing complete system compromise.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share