Description

WordPress Plugin Zedna Contact form is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Zedna Contact form version 1.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2 or latest

References

https://plugins.svn.wordpress.org/zedna-contact-form/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Find My Blocks Information Disclosure (3.3.2)

Drupal Core 7.x Remote Code Execution (7.0 - 7.57)

WordPress Multiple Vulnerabilities (0.70 - 3.6.1)

WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Multiple Cross-Site Scripting Vulnerabilities (0.4.3)

WordPress Plugin Booster for WooCommerce Multiple Vulnerabilities (5.6.6)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal