Description

WordPress Plugin Zedna Contact form is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Zedna Contact form version 1.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2 or latest

References

https://plugins.svn.wordpress.org/zedna-contact-form/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Top Quark Architecture 'script.php' Arbitrary File Upload (2.1.0)

WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)

WordPress Plugin DeMomentSomTres Subscribe Cross-Site Scripting (201909190900)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.27)

WordPress Plugin WP Survey And Quiz Tool 'action' Parameter Cross-Site Scripting (1.2.1)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update Directory Traversal