CVE-2024-6312 in Funnelforms Free Plugininformação

Sumário

de MITRE • 28/08/2024

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

Once again VulDB remains the best source for vulnerability data.

Reservar

25/06/2024

Divulgação

28/08/2024

Moderação

aceite

Entrada

VDB-275975

CPE

pronto

EPSS

0.01080

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!