CVE-2024-10084

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 200

Summary

CVE-2024-10084 is a vulnerability affecting the Contact Form 7 – Dynamic Text Extension plugin for WordPress. This issue allows authenticated attackers with Contributor-level access or higher to extract the titles and text contents of private and password-protected posts, even if they do not own those posts, through the misuse of the CF7_get_post_var shortcode. The flaw, classified as a Basic Information Disclosure vulnerability, impacts all versions of the plugin up to and including 4.5. Successful exploitation may lead to the exposure of sensitive information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zlWOaW
https://www.cve.org/CVERecord?id=CVE-2024-10084
https://nvd.nist.gov/vuln/detail/CVE-2024-10084

Back to Vulnerability Database

CVE-2024-10084

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations