Description

WordPress Plugin Zedna Contact form is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Zedna Contact form version 1.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2 or latest

References

https://plugins.svn.wordpress.org/zedna-contact-form/trunk/readme.txt

Related Vulnerabilities

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.32)

WordPress Plugin Windows Desktop and iPhone Photo Uploader Arbitrary File Upload (1.8)

WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.13)

WordPress Plugin Import any XML or CSV File to WordPress Pro Multiple Vulnerabilities (4.1.1)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal