CVE-2024-10898 | krishaweb Contact Form 7 Email Add On Plugin up to 1.9 on WordPress cf7_email_add_on_add_admin_template filename control

Posted by Angelo Barbosa | Nov 21, 2024 | CVE

A vulnerability was found in krishaweb Contact Form 7 Email Add On Plugin up to 1.9 on WordPress and classified as critical. Affected by this issue is the function cf7_email_add_on_add_admin_template. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2024-10898. The attack may be launched remotely. There is no exploit available.

CVE-2024-10898 | krishaweb Contact Form 7 Email Add On Plugin up to 1.9 on WordPress cf7_email_add_on_add_admin_template filename control

Related Posts

CVE-2024-45678 | Yubico YubiKey/YubiHSM ECDSA Secret Key timing discrepancy

CVE-2024-9412 | Rockwell Automation Verve Asset Manager prior 1.38 placement of user into incorrect group

CVE-2024-9693 | GitLab Community Edition/Enterprise Edition up to 17.3.6/17.4.3/17.5.1 authorization (Issue 497449)

CVE-2024-22226 | Dell Unity up to 5.3 svc_supportassist path traversal (dsa-2024-042)