CVE-2024-10084

CVSS V2 None CVSS V3 None

Description

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own.

Overview

CVE ID
CVE-2024-10084

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-11-05T21:29:17.783Z

Last Modified Date
2024-11-05T21:44:09.263Z

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/e051a83e-ad5a-4789-bfee-e03aa9d6a3fc?source=cve
https://plugins.trac.wordpress.org/browser/contact-form-7-dynamic-text-extension/tags/4.5.0/includes/shortcodes.php#L225

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-10084
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10084

History

Created	Old Value	New Value	Data Type	Notes
2024-11-06 13:30:36				Added to TrackCVE