- Description
- The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
🚨 CVE-2024-11038 (Published: 2024-11-19) - A high-severity vulnerability affects WordPress. Ensure you're using the latest version to mitigate risks. Check out the detailed remediation steps here: https://t.co/UEBIo0SGLo. Stay secure! #WordPress #CVE
@transilienceai
22 Nov 2024
CVE-2024-11038 The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode executio… https://t.co/gry8ER4bZJ
@CVEnew
19 Nov 2024