What the vulnerability does
01Description
Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
What the vulnerability does
Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions.
Explanation of Vulnerability in Simple Terms
Contact Form Extender for Divi versions up to 1.0.6 contain a path traversal vulnerability in file upload handling. An attacker can craft malicious file paths to write files outside the intended upload directory, potentially overwriting critical site files or injecting malicious code. No authentication is required to exploit this flaw.
What an attacker can do
Write files to arbitrary locations on the server, potentially overwriting site files or injecting malicious code.
Potential impact on your site
Attackers can modify or delete site files, inject malware, or compromise site functionality without needing a user account.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities