CVE-2024-7782
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 20, 2024
CWE ID 22
Summary
CVE-2024-7782 is a vulnerability affecting the Contact Form plugin by Bit Form for WordPress, versions 2.0 to 2.13.4. The issue lies in the iconRemove function, which fails to adequately validate file paths. Attackers with Administrator-level access can exploit this vulnerability to delete arbitrary files on the server. If the wp-config.php file is targeted, this could lead to remote code execution, posing a significant security risk.