5.3
CVE-2024-12255
- EPSS 0.14%
- Veröffentlicht 12.12.2024 06:15:23
- Zuletzt bearbeitet 02.07.2025 20:06:31
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAccept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.
Mögliche Gegenmaßnahme
Accept Stripe Payments Using Contact Form 7: Update to version 2.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Accept Stripe Payments Using Contact Form 7
Version
* - 2.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zealousweb ≫ Accept Stripe Payments Using Contact Form 7 SwPlatformwordpress Version < 2.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.346 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.