WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0) - Vulnerability Database

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

Description

WordPress Plugin Easy Contact Forms Export is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Easy Contact Forms Export version 1.1.0 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available

References

http://www.securityfocus.com/bid/53892/exploit

http://www.exploit-db.com/exploits/19013/

http://1337day.com/exploits/18484

http://packetstormsecurity.com/files/113401/WordPress-Easy-Contact-Forms-Export-1.1.0-File-Disclosure.html

http://secunia.com/advisories/49450/

Related Vulnerabilities

Severity

High

Classification

CWE-22

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N