Description

WordPress Plugin Zedna Contact form is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Zedna Contact form version 1.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2 or latest

References

https://plugins.svn.wordpress.org/zedna-contact-form/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Myftp SQL Injection (2.0)

WordPress Plugin 3D Flick Slideshow 'upload.php' Arbitrary File Upload (2.1)

WordPress Plugin MailChimp for WordPress Cross-Site Scripting (2.2.7)

WordPress Plugin API Bearer Auth Cross-Site Scripting (20181229)

WordPress Plugin Auto Attachments TimThumb Arbitrary File Upload (0.3)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal