CVE-2021-24689

CVE-2021-24689: Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read

Vendor Unknown
Product Contact Forms – Drag & Drop Contact Form Builder
Weakness CWE-22 · Path traversal
Published February 28, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack

Key dates

02Disclosure timeline

February 28, 2022 CVE published
August 3, 2024 Record updated