CVE-2024-8756

9 Nov 2024

Título es

CVE-2024-8756

Sáb, 09/11/2024 – 06:15

Tipo

CWE-200

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-8756

Descripción en

The Quform – WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes it possible for unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. Files uploaded via forms created before version 2.21.0 will remain vulnerable to exposure after upgrading. To fully patch the plugin, site administrators should download any previously uploaded files, delete previously existing files and forms, and create the forms again after upgrading to version 2.21.0.

09/11/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://codecanyon.net/item/quform-wordpress-form-builder/706149

https://www.wordfence.com/threat-intel/vulnerabilities/id/beb8ea66-3cd7-452f-9e64-8439de0ddc55?source=cve

Enviar en el boletín

Off

CVE-2024-8756

CVE-2024-8756

Jose Alexis Correa Valencia