2024-11-26
Platform: WordPress
Version: Contact Form 7 Email Add On plugin <= 1.9
Vulnerability: Local File Inclusion
Severity: HIGH
Date: November 21, 2024 (NVD Published Date)
What Undercode Says:
This blog post highlights a critical vulnerability (CVE-2024-10898) affecting the Contact Form 7 Email Add On plugin for WordPress versions up to 1.9. This vulnerability allows attackers with Contributor-level access or higher to execute arbitrary PHP code on the server. This can lead to serious consequences such as bypassing access controls, stealing sensitive data, or even taking complete control of the website.
We strongly recommend updating the Contact Form 7 Email Add On plugin to the latest version immediately to mitigate this risk.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help