CVE-2024-4319

MEDIUM

Advanced Contact form 7 DB <2.0.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.

Scores

CVSS v3 5.3
EPSS 0.0048
EPSS Percentile 38.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
vsourz1td/Advanced Contact form 7 DB < 2.0.2
Published Jun 11, 2024
Tracked Since Feb 18, 2026